From owner-freebsd-questions Mon Dec 31 11:29:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.uskonet.com (mail.uskonet.com [196.3.164.41]) by hub.freebsd.org (Postfix) with ESMTP id 7D90037B437 for ; Mon, 31 Dec 2001 11:29:34 -0800 (PST) Received: from unix.za.org (sin.uskonet.com [196.41.195.16]) by mail.uskonet.com (8.11.0/8.11.0) with ESMTP id fBVJR1P04433 for ; Mon, 31 Dec 2001 21:27:02 +0200 Message-ID: <3C30BC46.6050601@unix.za.org> Date: Mon, 31 Dec 2001 21:28:06 +0200 From: Etienne Ledoux User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011010 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Problems getting isakmpd working on FreeBSD. References: <754EE571E3C8AB4AAD0B26486CAF495E2B0EE6@hq-lab-exch-001.Legal-Aid.co.za> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Maybe its a problem with my conf file ? I notice that the first error starts with : 203800.262418 Misc 60 conf_get_str: configuration value not found [Phase 1]:Default 203800.262521 Misc 70 conf_set: [Phase 1]:Default->ISAKMP-clients 203800.262602 Misc 60 conf_get_str: configuration value not found [Phase 2]:Passive-Connections 203800.262691 Misc 70 conf_set: [Phase 2]:Passive-Connections->IPsec-clients 203800.262770 Misc 60 conf_get_str: configuration value not found [ISAKMP-clients]:Phase 203800.262858 Misc 70 conf_set: [ISAKMP-clients]:Phase->1 ## Which is the first lines in my config file. [Phase 1] Default=ISAKMP-clients [Phase 2] Passive-Connections=IPsec-clients # Phase 1 peer sections ####################### [ISAKMP-clients] Phase=1 Transport=udp Configuration=PGP-main-mode Any hints ? E. >>-----Original Message----- >>From: Etienne Ledoux [mailto:etienne@unix.za.org] >>Sent: Monday, December 31, 2001 11:02 AM >>To: security@FreeBSD.ORG >>Cc: freebsd-questions@FreeBSD.ORG >>Subject: Problems getting isakmpd working on FreeBSD. >> >> >>Greetings, >> >>Anybody got a working example of isakmpd on FreeBSD. >>I've been following guides mainly intended for OpenBSD it seems (due to a >>lack of finding any for FreeBSD). >> >>I used the conf and policy files of various working examples. >>http://www.allard.nu/openbsd/isakmpd.conf >>http://www.allard.nu/openbsd/isakmpd.policy >>and others... >> >>But when I start isakmpd I get the following errors: >> >>094416.943999 Misc 60 conf_get_str: configuration value not found >>[QM-AH-BLF-RIPEMD-PFS-XF]:ENCAPSULATION_MODE >>094416.944033 Misc 70 conf_set: >>[QM-AH-BLF-RIPEMD-PFS-XF]:ENCAPSULATION_MODE->TUNNEL >>094416.944063 Misc 60 conf_get_str: configuration value not found >>[QM-AH-BLF-RIPEMD-PFS-XF]:AUTHENTICATION_ALGORITHM >>094416.944096 Misc 70 conf_set: >>[QM-AH-BLF-RIPEMD-PFS-XF]:AUTHENTICATION_ALGORITHM->HMAC_RIPEMD >>094416.944128 Misc 60 conf_get_str: configuration value not found >>[QM-AH-BLF-RIPEMD-PFS-XF]:GROUP_DESCRIPTION >>094416.944160 Misc 70 conf_set: >>[QM-AH-BLF-RIPEMD-PFS-XF]:GROUP_DESCRIPTION->MODP_1024 >>.. >>..the list continues. >> >>The only thing I haven't done that is mentioned in the documentation(s) >>(http://www.allard.nu/openbsd/openbsd.shtml, etc.) available. >> >> >>Edit your /etc/sysctl.conf to include the things below (reboot >> > afterwards): > >> net.inet.ip.forwarding=1 # 1=Permit forwarding >> net.inet.esp.enable=1 # 1=Enable the ESP IPSec protocol >> >> >>and if you are running 2.7 you need this aswell: >> >> net.inet.ip.ipsec-acl=0 # 0=disable IPsec ingress ACL checking >> >> >> >>Would these values be the same for FreeBSD? (Stupid question maybe) >> >>I tried adding these values using : sysctl = >> >>### >>[root@bbmwall root]# sysctl net.inet.esp.enable=1 >>sysctl: unknown oid 'net.inet.esp.enable' >>### >> >>Maybe this is my problem ? >> >>Any ideas. >> >>tx in advance. >> >>Etienne. >> >>Any Help would be appreciated with regards to getting isakmp working on >>FreeBSD >> > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message