Date: Thu, 4 Oct 2001 14:23:34 +0100 From: "Terry" <terry432@hotmail.com> To: <freebsd-security@freebsd.org> Subject: isakmpd policy file ignored? and CPU usage at 99% Message-ID: <MPENKFCCIIDAJKJJOLBHOEGOCAAA.terry432@hotmail.com>
next in thread | raw e-mail | index | archive | help
using the isakmpd port to freebsd 4.4. the policy file (/etc/isakmpd.policy) seems to be ignored: KeyNote-Version: 2 Comment: This policy accepts ESP SAs from a remote that uses the right password Authorizer: "POLICY" Licensees: "passphrase:secret3" Conditions: app_domain == "IPsec policy" && esp_present == "yes" -> "true"; the isakmpd.conf file contains : Policy-File= /etc/isakmpd.policy and isakmpd is run with a "-c /etc/isakmpd.conf". The isakmpd.conf has a chmod of 0600. Now, changing the secret passphrase has no effect at all negotiations. restarting all isakmpds fails to recognise the false passphrase. is this a known issue? -- also why does teh daemon repeatedy give: 131338.287868 Default pf_key_v2_flow: SPDADD: File exists isakmpd in free(): warning: junk pointer, too high to make sense. and the isakmpd CPU usage remains at 98-99% ? terry ----------------------------------------------- Information in this electronic mail message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient any use, disclosure, copying or distribution of this message is prohibited and may be unlawful. When addressed to our customers, any information contained in this message is subject to Intelligent Network Technology Ltd Terms & Conditions. ----------------------------------------------- Take part in the intY 2001 Email Usage survey online at http://www.inty.net/email/survey.html ----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MPENKFCCIIDAJKJJOLBHOEGOCAAA.terry432>