Re: IPSec Blues

2009-12-14 Thread Aaron Mason
On Fri, Dec 4, 2009 at 6:27 PM, Paul wrote: >> ipsec.conf server in my place.org: >> ike passive esp from myplace.org to 0.0.0.0/0 peer 0.0.0.0/0 >> Client (anywhere outside): >> ike esp from 0.0.0.0/0 to myplace.org peer 192.168.2.2 >> > > In the above two lines, the peer keyword/values are superf

Re: IPSec Blues

2009-12-03 Thread Paul
> ipsec.conf server in my place.org: > ike passive esp from myplace.org to 0.0.0.0/0 peer 0.0.0.0/0 > Client (anywhere outside): > ike esp from 0.0.0.0/0 to myplace.org peer 192.168.2.2 > In the above two lines, the peer keyword/values are superfluous since they are identical to the destination sp

Re: IPSec Blues

2009-12-03 Thread Aaron Mason
On Thu, Dec 3, 2009 at 10:19 PM, Christoph Leser wrote: >> -Original Message- >> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] >> On behalf of Aaron Mason >> Sent: Wednesday, 2 December 2009 23:14 >> To: OpenBSD >> Subject: Re

Re: IPSec Blues

2009-12-03 Thread francisco
On Thu, 3 Dec 2009 02:24:18 -0800 Paul wrote: > > I even tried using the pf.conf file listed in that > > file (while making changes to suit my configuration)... no dice. > > > > First, I would double check the pf rules. One way is to have pf log packets > that get blocked and then run tcpdump

Re: IPSec Blues

2009-12-03 Thread Christoph Leser
> -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] > On behalf of Aaron Mason > Sent: Wednesday, 2 December 2009 23:14 > To: OpenBSD > Subject: Re: IPSec Blues > > > On Wed, Dec 2, 2009 at 11:02 AM, Bryan Irvine >

Re: IPSec Blues

2009-12-03 Thread Paul
> I even tried using the pf.conf file listed in that > file (while making changes to suit my configuration)... no dice. > First, I would double check the pf rules. One way is to have pf log packets that get blocked and then run tcpdump on the pflog0 interface: #tcpdump -e -i pflog0 When the -

Re: IPSec Blues

2009-12-02 Thread Aaron Mason
On Wed, Dec 2, 2009 at 11:02 AM, Bryan Irvine wrote: >> Does somebody know about an updated guide/tutorial? > > ipsec(4) > ipsec.conf(5) > isakmpd(8) > > -B > > The saga continues. The guide I've been following is at http://www.openbsdsupport.org/vpn-ipsec.html - it's a bit outdated but it seems

Re: IPSec Blues

2009-12-02 Thread Jussi Peltola
Try setting srcid and dstid manually (I used FQDN:s and pubkeys to make it work, didn't succeed with IP addresses), you might also try testing with a PSK to eliminate one part of the equation.

Re: IPSec Blues

2009-12-01 Thread Bryan Irvine
> Does somebody know about an updated guide/tutorial? ipsec(4) ipsec.conf(5) isakmpd(8) -B

Re: IPSec Blues

2009-12-01 Thread OpenBSD
On Monday 30 November 2009 5:17:38 pm Aaron Mason wrote: > On Tue, Dec 1, 2009 at 10:28 AM, Aaron Mason > > > The listing of ipsec.conf is as follows: > > > > obsd-ipsec-left: > > ike esp from 192.168.120.0/24 to 192.168.33.0/24 peer 10.255.255.6 > > ike esp from 10.255.255.5 to 192.168.33.0/24

Re: IPSec Blues

2009-11-30 Thread Aaron Mason
On Tue, Dec 1, 2009 at 10:28 AM, Aaron Mason wrote: > Hi all, > > I've been looking to mess around with IPSec for quite some time now, > and sadly all I've had is perpetual failure. > > I found this guide - http://www.securityfocus.com/infocus/1859 - and > followed it apart from the NAT bits. Whe

IPSec Blues

2009-11-30 Thread Aaron Mason
Hi all, I've been looking to mess around with IPSec for quite some time now, and sadly all I've had is perpetual failure. I found this guide - http://www.securityfocus.com/infocus/1859 - and followed it apart from the NAT bits. When the two endpoints try to talk, they fall over in a heap. The s