Date:      Mon, 31 Dec 2001 11:01:41 +0200
From:      "Etienne Ledoux" <etienne@unix.za.org>
To:        <security@freebsd.org>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Problems getting isakmpd working on FreeBSD.
Message-ID:  <00b501c191d9$c6d3bae0$09f223c4@M4DC0W>

Greetings,

Anybody got a working example of isakmpd on FreeBSD?
I've been following guides mainly intended for OpenBSD it seems (due to a
lack of finding any for FreeBSD).

I used the conf and policy files of various working examples.
http://www.allard.nu/openbsd/isakmpd.conf
http://www.allard.nu/openbsd/isakmpd.policy
and others...

But when I start isakmpd I get the following errors:

094416.943999 Misc 60 conf_get_str: configuration value not found [QM-AH-BLF-RIPEMD-PFS-XF]:ENCAPSULATION_MODE
094416.944033 Misc 70 conf_set: [QM-AH-BLF-RIPEMD-PFS-XF]:ENCAPSULATION_MODE->TUNNEL
094416.944063 Misc 60 conf_get_str: configuration value not found [QM-AH-BLF-RIPEMD-PFS-XF]:AUTHENTICATION_ALGORITHM
094416.944096 Misc 70 conf_set: [QM-AH-BLF-RIPEMD-PFS-XF]:AUTHENTICATION_ALGORITHM->HMAC_RIPEMD
094416.944128 Misc 60 conf_get_str: configuration value not found [QM-AH-BLF-RIPEMD-PFS-XF]:GROUP_DESCRIPTION
094416.944160 Misc 70 conf_set: [QM-AH-BLF-RIPEMD-PFS-XF]:GROUP_DESCRIPTION->MODP_1024
..
..the list continues.

The only thing I haven't done that is mentioned in the documentation(s)
(http://www.allard.nu/openbsd/openbsd.shtml, etc.) available.
<snip>

Edit your /etc/sysctl.conf to include the things below (reboot afterwards):

  net.inet.ip.forwarding=1    # 1=Permit forwarding
  net.inet.esp.enable=1       # 1=Enable the ESP IPSec protocol


and if you are running 2.7 you need this as well:

  net.inet.ip.ipsec-acl=0     # 0=disable IPsec ingress ACL checking

<snip>

Would these values be the same for FreeBSD?  (Stupid question maybe)

I tried adding these values using: sysctl <name>=<value>

###
[root@bbmwall root]# sysctl net.inet.esp.enable=1
sysctl: unknown oid 'net.inet.esp.enable'
###

Maybe this is my problem?

Any ideas?

tx in advance.

Etienne.

Any Help would be appreciated with regards to getting isakmp working on
FreeBSD


