From owner-freebsd-net@FreeBSD.ORG Wed Jun 23 08:32:30 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE1FC106564A for ; Wed, 23 Jun 2010 08:32:30 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from smtp.zeninc.net (smtp.zeninc.net [80.67.176.25]) by mx1.freebsd.org (Postfix) with ESMTP id 7523B8FC28 for ; Wed, 23 Jun 2010 08:32:30 +0000 (UTC) Received: from astro.zen.inc (astro.zen.inc [192.168.1.239]) by smtp.zeninc.net (smtpd) with ESMTP id 455CD2798BC; Wed, 23 Jun 2010 10:32:29 +0200 (CEST) Received: by astro.zen.inc (Postfix, from userid 1000) id 2640C17063; Wed, 23 Jun 2010 10:32:29 +0200 (CEST) Date: Wed, 23 Jun 2010 10:32:29 +0200 From: VANHULLEBUS Yvan To: ralf@dzie-ciuch.pl Message-ID: <20100623083228.GA74453@zeninc.net> References: <20100622153541.GA72211@zeninc.net> <6caa9895ae1710b9f48a227116a4340c@ewipo.pl> <20100622190819.270aaa74@gda-arsenic> <4f378cfb416582c3081377ba714e508a@ewipo.pl> <20100622201130.5824d585@gda-arsenic> <20100622182242.GU2620@verio.net> <20100622204107.6c604c17@gda-arsenic> <20100623080555.GB74303@zeninc.net> <5e8d1141ecf3d922c00114e41585a67f@ewipo.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5e8d1141ecf3d922c00114e41585a67f@ewipo.pl> User-Agent: All mail clients suck. This one just sucks less. Cc: freebsd-net@freebsd.org Subject: Re: vpn trouble X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jun 2010 08:32:30 -0000 On Wed, Jun 23, 2010 at 10:28:48AM +0200, ralf@dzie-ciuch.pl wrote: > Ok I found that my psk.txt has got wrong permissions Yes, we'll have to set up a more explicit error message when psk file has wrong permissions..... > Now I can get SAD keys! > > ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500] > spi:8a8881ee5182cbfb:53dab6ad5a65629d According to that log, you coud establish an IsakmpSA, so only the phase1 is ok.... Do you also have later some logs like: : INFO : IPsec-SA established: ESP/Tunnel Yvan.