vpn trouble
ralf at dzie-ciuch.pl
ralf at dzie-ciuch.pl
Wed Jun 23 08:37:29 UTC 2010
On Wed, 23 Jun 2010 10:32:29 +0200, VANHULLEBUS Yvan <vanhu at FreeBSD.org>
wrote:
> On Wed, Jun 23, 2010 at 10:28:48AM +0200, ralf at dzie-ciuch.pl wrote:
>> Ok I found that my psk.txt has got wrong permissions
>
> Yes, we'll have to set up a more explicit error message when psk file
> has wrong permissions.....
Ok. I fix it using chmod 0600 psk.txt
>
>
>> Now I can get SAD keys!
>>
>> ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500]
>> spi:8a8881ee5182cbfb:53dab6ad5a65629d
>
> According to that log, you coud establish an IsakmpSA, so only the
> phase1 is ok....
>
> Do you also have later some logs like:
> <date>: INFO : IPsec-SA established: ESP/Tunnel <IPs> <SPI>
>
Yes I got:
2010-06-23 10:18:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel
95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540)
2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel
95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540)
2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel
78.x.x.x[0]->95.x.x.x[0] spi=3926551409(0xea0a6b71)
2010-06-23 10:25:30: DEBUG: (proto_id=ESP spisize=4 spi=00000000
spi_p=00000000 encmode=Tunnel reqid=0:0)
2010-06-23 10:25:30: DEBUG: pfkey GETSPI sent: ESP/Tunnel
95.x.x.x[0]->78.x.x.x[0]
2010-06-23 10:25:30: DEBUG: pfkey GETSPI succeeded: ESP/Tunnel
95.x.x.x[0]->78.x.x.x[0] spi=126966409(0x7915a89)
Is it good?
Ralf
More information about the freebsd-net
mailing list