On 2008-06-30, Harald Dunkel <[EMAIL PROTECTED]> wrote:
> Mitja Muženih wrote:
>>
>> It is not a problem within isakmpd, it will accept IPV4_ADDR_SUBNET of size
>> /32.
>>
>> As I already explained to you in a private mail, ipsecctl will export both
>> 192.168.1.249 and 192.168.1.249/32 into IPV4
PS: If I don't define any remote networks in NCP client, then it tries
to send all ip traffic via esp to the OpenBSD gateway, but isakmpd
whoes:
responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id
c0a801f9: 192.168.1.249, responder id /: 0.0.0.0/0.0.0.0
Mitja Muženih wrote:
It is not a problem within isakmpd, it will accept IPV4_ADDR_SUBNET of size
/32.
As I already explained to you in a private mail, ipsecctl will export both
192.168.1.249 and 192.168.1.249/32 into IPV4_ADDR=192.168.1.249 while your
windows client is sending IPV4_ADDR_SUBNET
On 2008-06-30, Mitja Muženih <[EMAIL PROTECTED]> wrote:
> It is not a problem within isakmpd, it will accept IPV4_ADDR_SUBNET of size
> /32.
It would make more sense for isakmpd to treat IPV4_ADDR_SUBNET /32
and IPV4_ADDR as equivalent, otherwise I think you're unable to use
0.0.0.0 to accept dyna
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Harald Dunkel
> Sent: Monday, June 30, 2008 9:17 AM
> To: [EMAIL PROTECTED]
> Cc: Misc OpenBSD
> Subject: Re: isakmpd -- NCP IPsec client: peer proposed
> invalid phase 2 IDs
Hi Prabhu,
I do get a connection for
ike passive esp from 192.168.5.0/31 to 192.168.1.249
but not for
ike passive esp from 192.168.5.1 to 192.168.1.249
(192.168.1.249 is the remote Windows laptop running NCP IPsec client.)
So I doubt that this is a problem of aes vs 3des. AFA
I do not know whether Windows XP native IPsec stack supports AES, I know it only
supports up to 3des. With OpenBSD, the default is AES (128), that is why IKE is
giving you NO_PROPOSAL_CHOSEN. Change your settings to include 3des and sha1 (or
md5 may be) and you would get quick mode working.
Prab
Hi folks,
I am trying to set up an IPsec connection between OpenBSD
and WindowsXP (NCP IPsec client). ipsec.conf is just a
single line:
ike passive esp from 192.168.5.1 to 192.168.1.249
(192.168.1.249 is the Windows PC.)
Phase I seems to work, but in Phase II isakmpd complains:
Jun 27