
List:       openbsd-misc
Subject:    Re: *SPAM* Re: Searching for cluestick - iked(8) peer to peer
From:       Josh Grosse <josh () jggimi ! homeip ! net>
Date:       2014-10-28 13:49:58
Message-ID: 16d38ca863b700c1fbffd725536faab2 () jggimi ! homeip ! net

On 2014-10-28 08:09, Vincent Gross wrote:
> On Mon, Oct 27, 2014 at 06:28:39PM -0400, Josh Grosse wrote:
>> I am testing an extremely simple lab environment with iked(8) and
>> failing to establish flows and SAs on one of two platforms.
>> 
>> I'm sure it's something extremely simple, but I'm at a loss to
>> figure it out on my own.  A cluestick would be appreciated.
> 
> I had the very same issue on my own setup. I did not investigate the
> source, but I think there is a bug in the code that handles PSK authn,
> because it worked perfectly fine when I switched to RSA key authn.

Thank you, Vincent.  I will return to simple certificate testing.

> If you must use PSK, isakmpd/ipsecctl/ipsec.conf would be the
> workaround.

I used to use them, then my IPSec requirement ended.  Now, I have a new
requirement again.  I

I'd tested with PSK because I was struggling with certificate rejections,
even after deploying Reyk's ikeca.cnf, and I was trying to see if I could
just get Flows and SAs established with the simplest point-to-point test
case.
