Delivered-To: freebsd-security@freebsd.org
From: "Terry"
Subject: isakmpd policy file ignored? and CPU usage at 99%
Date: Thu, 4 Oct 2001 14:23:34 +0100

Using the isakmpd port to FreeBSD 4.4.

The policy file (/etc/isakmpd.policy) seems to be ignored:

    KeyNote-Version: 2
    Comment: This policy accepts ESP SAs from a remote that uses the right password
    Authorizer: "POLICY"
    Licensees: "passphrase:secret3"
    Conditions: app_domain == "IPsec policy" &&
                esp_present == "yes" -> "true";

The isakmpd.conf file contains:

    Policy-File= /etc/isakmpd.policy

and isakmpd is run with a "-c /etc/isakmpd.conf". The isakmpd.conf has a chmod of 0600.

Now, changing the secret passphrase has no effect at all on negotiations. Restarting all isakmpds fails to recognise the false passphrase.

Is this a known issue?

--

Also, why does the daemon repeatedly give:

    131338.287868 Default pf_key_v2_flow: SPDADD: File exists
    isakmpd in free(): warning: junk pointer, too high to make sense.

and the isakmpd CPU usage remains at 98-99%?

terry