hello all,
i am using -current as of 24.02.2006 and made a release for my other
machines. i tried the ipsec tutorial which was posted on undeadly.org. i
have to go with one gateway which has a dynamic ip because it is an
adsl-connection which is disconnected after 24 hours. when i try to fire
up the command "ipsecctl -f /etc/ipsec.conf" i get a syntax error for
each line where i put in the fqdn of the remote host (which is dstid). i
read the manpage of ipsec.conf(5) where it says
     srcid <fqdn>
             This optional parameter defines a FQDN that will be used by
             isakmpd(8) as the identity of the local peer.
     dstid <fqdn>
             Similar to srcid, this optional parameter defines a FQDN to
             be used by the remote peer.
i tried this and get a syntax error.
my /etc/ipsec.conf looks like this:
# cat /etc/ipsec.conf
ike passive esp from XXX.XXX.XX.X/24 to XXX.XXX.XX.X/24 peer dstid \
full-qualified.domain.name
ike passive esp from XXX.XXX.XX.XXX/25 to XXX.XXX.XX.X/24 peer dstid \
full-qualified.domain.name
ike passive esp from XXX.XXX.XXX.XX to XXX.XXX.XX.X/24 peer dstid \
full-qualified.domain.name
ike passive esp from XXX.XXX.XXX.XX to dstid full-qualified.domain.name
the output is the following:
# ipsecctl -nf /etc/ipsec.conf
/etc/ipsec.conf: 1: syntax error
/etc/ipsec.conf: 2: syntax error
/etc/ipsec.conf: 3: syntax error
/etc/ipsec.conf: 4: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded
on the other machine the config is similar and the error-message too
(everywhere, i put a fqdn as srcid).
/etc/ipsec.conf:
ike esp from XXX.XXX.XX.X/24 to XXX.XXX.XX.X/24 peer XXX.XXX.XXX.XX
ike esp from XXX.XXX.XX.X/24 to XXX.XXX.XX.XXX/25 peer XXX.XXX.XXX.XX
ike esp from srcid fully-qualified.domain.name to 192.168.83.0/24 peer \
XXX.XXX.XXX.XX
ike esp from srcid fully-qualified.domain.name to XXX.XXX.XX.XXX/25 \
peer XXX.XXX.XXX.XX
ike esp from srcid fully-qualified.domain.name to XXX.XXX.XXX.XX
output:
# ipsecctl -f /etc/ipsec.conf
/etc/ipsec.conf: 3: syntax error
/etc/ipsec.conf: 4: syntax error
/etc/ipsec.conf: 5: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded
can anyone point me in the correct direction, plz?
thx a lot
marc
dmesg:
OpenBSD 3.9-beta (GENERIC) #1: Wed Mar 8 10:23:11 CET 2006