[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-misc
Subject: Re: *SPAM* Re: Searching for cluestick - iked(8) peer to peer
From: Josh Grosse <josh () jggimi ! homeip ! net>
Date: 2014-10-28 13:49:58
Message-ID: 16d38ca863b700c1fbffd725536faab2 () jggimi ! homeip ! net
[Download RAW message or body]
On 2014-10-28 08:09, Vincent Gross wrote:
> On Mon, Oct 27, 2014 at 06:28:39PM -0400, Josh Grosse wrote:
>> I am testing an extremely simple lab environment with iked(8) and
>> failing to establish flows and SAs on one of two platforms.
>>
>> I'm sure its somthing extremely simple, but I'm at a loss to
>> figure it out on my own. A cluestick would be appreciated.
>
> I had the very same issue on my own setup. I did not investigate the
> source, but I think there is a bug in the code that handles PSK authn,
> because it worked perfectly fine when I switched to RSA key authn.
Thank you, Vincent. I will return to simple certificate testing.
> If you must use PSK, isakmpd/ipsecctl/ipsec.conf would be the
> workaround.
I used to use them, then my IPSec requirement ended. Now, I have a new
requirement again. I
I'd tested with PSK because I was struggling with certificate
rejections,
even after deploying Reyk's ikeca.cnf, and I was trying to see if I
could
just get Flows and SAs established with the simplest point-to-point test
case.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic