From owner-freebsd-security Mon Dec 17 9:15:35 2001
From: "Tariq Rashid"
To: "Marco Walraven"
Subject: RE: isakmpd & ssh sentinel
Date: Mon, 17 Dec 2001 17:18:34 -0000
In-Reply-To: <20011217181009.A62958@enigma.whacky.net>
Sender: owner-freebsd-security@FreeBSD.ORG

get the latest isakmpd to fix the CPU problem. in fact the nice people at openbsd have made the latest isakmpd sources compile with no extra patches reqd for freebsd.

how are you using sentinel? in aggressive mode? with identification by ip address or ufqd or certs?

tariq

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Marco Walraven
Sent: 17 December 2001 17:10
To: freebsd-security@freebsd.org
Subject: isakmpd & ssh sentinel

Hi,

I'm trying to set up a VPN connection between isakmpd and a few road warriors who run ssh sentinel. I installed isakmpd and tried some of the configuration files.
Every time I start isakmpd with 'isakmpd -d -DA=99' I get these messages (see below). It also chokes up the CPU. Furthermore, if I try to connect from a ssh sentinel client, it does not accept a connection which should be normal if this was indeed an error (which I think it is).

The kernel I use has IPSEC compiled in it and the system also forwards packets, which are needed to run isakmpd.

However, does anyone recognize these problems or know how to fix them and has anyone successfully established a VPN (with pre-shared keys) between isakmpd and ssh sentinel? I know there are some issues between the two, but is it possible in the first place, or should someone try racoon instead?

Regards,
Marco Walraven

isakmpd -d -DA=99
175249.982251 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175249.982395 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175249.982483 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175249.982570 Trpt 70 transport_add: adding 0x8076080
175249.988149 Trpt 90 transport_reference: transport 0x8076080 now has 1 references
175249.988206 Misc 60 conf_get_str: [General]:Listen-on->192.168.2.1
175250.015566 Trpt 90 transport_reference: transport 0x8076080 now has 2 references
175250.016079 Trpt 90 transport_release: transport 0x8076080 had 2 references
175250.016420 Trpt 90 transport_reference: transport 0x8076080 now has 2 references

Which keeps on going.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

intY has automatically scanned this email with Sophos Anti-Virus (www.inty.net)