I wanted to test ipsec.conf before loading it and I noticed this odd behavior.

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [570]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }"

ike esp from $local_net to $remote_net peer $remote_gw psk "test123"
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [571]$ ipsecctl -n -f ipsec.conf
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [572]$ echo $?
0

*This is expected!*

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [573]$ cat ipsec.conf
remote_gw = "192.168.0.1
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }"

ike esp from $local_net to $remote_net peer $remote_gw psk "test123"
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [574]$ ipsecctl -n -f ipsec.conf
ipsec.conf: 2: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [575]$ echo $?
1

*This is expected*

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [576]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }
local_net = "{ 172.16.18.0/26 }"

ike esp from $local_net to $remote_net peer $remote_gw psk "test123"
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [577]$ ipsecctl -n -f ipsec.conf
ipsec.conf: 3: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [578]$ echo $?
1

*This is expected*

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [579]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }

ike esp from $local_net to $remote_net peer $remote_gw psk "test123"
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [580]$ ipsecctl -n -f ipsec.conf
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [581]$ echo $?
0

*Is this expected? I am missing an ending quote on line three and the parser thinks this is correct.*

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [582]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }"

ike esp from $local_net to $remote_net peer $remote_gw psk "test123
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [583]$ ipsecctl -n -f ipsec.conf
ipsec.conf: 5: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded


pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [584]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }"

ike esp from $local_net to $remote_net peer $remote_gw

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [585]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }

ike esp from $local_net to $remote_net peer $remote_gw
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [586]$ ipsecctl -n -f ipsec.conf
ipsec.conf: 3: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [587]$ echo $?
1

*When I remove the psk string, the parser notices the problem and errors out*

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [588]$ cat ipsec.conf
remote_gw = "192.168.0.1"
remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
local_net = "{ 172.16.18.0/26 }"

ike esp from $local_net to $remote_net peer $remote_gw psk "test123"
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [589]$ ipsecctl -n -f ipsec.conf
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [590]$ echo $?
0

pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [591]$ uname -a
OpenBSD pgurumur-vm-openbsd.silverspringnet.com 4.0 GENERIC#1137 i386

dmesg:
OpenBSD 4.0-current (GENERIC) #1137: Wed Oct  4 06:34:08 MDT 2006

Thanks
Prabhu
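
A pre-flight check for the case in sessions [579] to [581] above, where `ipsecctl -n -f` exits 0 although the quote on line three is never closed. This is an added example, not part of the original post and not part of ipsecctl; the function names `check_quotes`, `preflight` and `demo` are hypothetical, and it assumes every quoted string is meant to open and close on the same line, as in the posted configuration.

```shell
#!/bin/sh
# Added example: flag lines with an odd number of double quotes before the
# file is handed to "ipsecctl -n -f". Assumption: no string is intended to
# span more than one line.

# check_quotes FILE
# Prints "FILE: N: unbalanced double quote" per offending line.
# Returns 1 if any line was flagged, 0 otherwise.
check_quotes() {
    awk -v fname="$1" '
        /^[ \t]*#/ { next }            # skip whole-line comments
        {
            line = $0
            gsub(/\\"/, "", line)      # drop backslash-escaped quotes
            n = gsub(/"/, "", line)    # count the remaining double quotes
            if (n % 2 == 1) {
                printf "%s: %d: unbalanced double quote\n", fname, NR
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# preflight FILE
# Quote check first, then the dry run used in the post.
preflight() {
    check_quotes "$1" && ipsecctl -n -f "$1"
}

# demo: rebuilds the configuration from session [579] (closing quote missing
# on line three) in a temporary file and runs the quote check on it.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' \
        'remote_gw = "192.168.0.1"' \
        'remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"' \
        'local_net = "{ 172.16.18.0/26 }' \
        '' \
        'ike esp from $local_net to $remote_net peer $remote_gw psk "test123"' \
        > "$f"
    check_quotes "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

demo || true   # prints the line-3 finding; exit status of the check is 1
```

In a deployment script, `preflight /etc/ipsec.conf` stops before the dry run whenever a line is flagged, so a file like the one in session [579] is rejected even though `ipsecctl -n` alone returned 0 for it.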