Date:      Mon, 17 Dec 2001 17:18:34 -0000
From:      "Tariq Rashid" <tariq@inty.net>
To:        "Marco Walraven" <walraven@fearlabs.com>, <freebsd-security@freebsd.org>
Subject:   RE: isakmpd & ssh sentinel
Message-ID:  <MPENKFCCIIDAJKJJOLBHOEFDCEAA.tariq@inty.net>
In-Reply-To: <20011217181009.A62958@enigma.whacky.net>


get the latest isakmpd to fix the cpu problem.
in fact the nice people at openbsd have made the latest isakmpd sources
compile with no extra patches reqd for freebsd.

how are you using sentinel? in aggressive mode? with identification by ip
address or ufqdn or certs?

tariq

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Marco Walraven
Sent: 17 December 2001 17:10
To: freebsd-security@freebsd.org
Subject: isakmpd & ssh sentinel


Hi,

I'm trying to set up a VPN connection between isakmpd and a few road warriors
who run ssh sentinel. I installed isakmpd and tried some of the configuration
files. Every time I start isakmpd with 'isakmpd -d -DA=99' I get these
messages (see below). It also chokes up the CPU. Furthermore, if I try
to connect from a ssh sentinel client, it does not accept a connection
which should be normal if this was indeed an error (which I think it is).

The kernel I use has IPSEC compiled in it and the system also forwards
packets, which are needed to run isakmpd.

However, does anyone recognize these problems or know how to fix them and
has anyone successfully established a VPN (with pre shared keys) between
isakmpd and ssh sentinel? I know there are some issues between the two, but is
it possible in the first place, or should someone try racoon instead?

Regards,

Marco Walraven


isakmpd -d -DA=99
<snip>
175249.982251 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175249.982395 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175249.982483 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175249.982570 Trpt 70 transport_add: adding 0x8076080
175249.988149 Trpt 90 transport_reference: transport 0x8076080 now has 1 references
175249.988206 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175250.015566 Trpt 90 transport_reference: transport 0x8076080 now has 2 references
175250.016079 Trpt 90 transport_release: transport 0x8076080 had 2 references
175250.016420 Trpt 90 transport_reference: transport 0x8076080 now has 2 references

Which keeps on going.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

intY has automatically scanned this email with Sophos Anti-Virus
(www.inty.net)