Date: Wed, 23 Jun 2010 10:37:18 +0200
From: ralf@dzie-ciuch.pl
To: VANHULLEBUS Yvan
Cc: freebsd-net@freebsd.org
Subject: Re: vpn trouble

On Wed, 23 Jun 2010 10:32:29 +0200, VANHULLEBUS Yvan wrote:
> On Wed, Jun 23, 2010 at 10:28:48AM +0200, ralf@dzie-ciuch.pl wrote:
>> Ok I found that my psk.txt has got wrong permissions
>
> Yes, we'll have to set up a more explicit error message when psk file
> has wrong permissions.....

Ok. I fixed it using chmod 0600 psk.txt

>
>
>> Now I can get SAD keys!
>>
>> ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500]
>> spi:8a8881ee5182cbfb:53dab6ad5a65629d
>
> According to that log, you could establish an IsakmpSA, so only the
> phase1 is ok....
>
> Do you also have later some logs like:
> : INFO : IPsec-SA established: ESP/Tunnel
>

Yes I got:

2010-06-23 10:18:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540)
2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540)
2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel 78.x.x.x[0]->95.x.x.x[0] spi=3926551409(0xea0a6b71)
2010-06-23 10:25:30: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2010-06-23 10:25:30: DEBUG: pfkey GETSPI sent: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0]
2010-06-23 10:25:30: DEBUG: pfkey GETSPI succeeded: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=126966409(0x7915a89)

Is it good?

Ralf
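The two checks discussed in this thread, as an added example that is not part of the original message or of racoon's own code: it flags a PSK file that is readable beyond its owner, and it reads racoon log text to tell "phase 1 only" apart from a tunnel with IPsec SAs in both directions. The sample log is constructed from the lines quoted above; the function names and the rule that any group/other permission bit is too open are assumptions.

```python
import os
import re
import stat

# Constructed sample in the racoon log format quoted in the thread
# (the ISAKMP-SA line's timestamp and log level are assumed).
SAMPLE_LOG = """\
2010-06-23 10:18:05: INFO: ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500] spi:8a8881ee5182cbfb:53dab6ad5a65629d
2010-06-23 10:18:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540)
2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540)
2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel 78.x.x.x[0]->95.x.x.x[0] spi=3926551409(0xea0a6b71)
"""

ADDR = r"([^\s\[]+)\[\d+\]"  # address followed by [port]
PHASE1 = re.compile(r"ISAKMP-SA established " + ADDR + "-" + ADDR)
PHASE2 = re.compile(r"IPsec-SA established: \S+ " + ADDR + "->" + ADDR
                    + r" spi=(\d+)\((0x[0-9a-f]+)\)")

def psk_mode_too_open(path):
    # Assumption: any group/other bit is too open (the thread's fix was 0600).
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def tunnel_status(log_text):
    """Map each peer pair to its phase 1 flag and per-direction phase 2 SPIs."""
    status = {}
    for line in log_text.splitlines():
        p1, p2 = PHASE1.search(line), PHASE2.search(line)
        if p1:
            entry = status.setdefault(frozenset(p1.groups()), {"phase1": False, "sas": {}})
            entry["phase1"] = True
        elif p2:
            src, dst, spi_dec, spi_hex = p2.groups()
            if int(spi_dec) != int(spi_hex, 16):
                continue  # decimal and hex SPI disagree: damaged line, skip it
            entry = status.setdefault(frozenset((src, dst)), {"phase1": False, "sas": {}})
            entry["sas"][(src, dst)] = spi_hex
    return status

def tunnel_up(entry):
    """Phase 1 done and an IPsec SA present in both directions."""
    sas = entry["sas"]
    return entry["phase1"] and any((dst, src) in sas for (src, dst) in sas)

if __name__ == "__main__":
    for peers, entry in tunnel_status(SAMPLE_LOG).items():
        print(sorted(peers), "up" if tunnel_up(entry) else "incomplete", entry["sas"])
```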