PGPnet
Patrick Ethier
patrick at SECUREOPS.COM
Mon Jan 3 12:01:19 EST 2000
Ok,

Now add the following to your /etc/isakmpd/isakmpd.conf

[Phase 1]
Default= PGPNet_Config

[Phase 2]
Default= PGPNet-OBSD

[PGPNet_Config]
Phase= 1
Transport= udp
Local-address= Your_OBSD_IP_Address
Address= 0.0.0.0
Configuration= Default-main-mode
Authentication= mekmitasdigoat
#Flags=

[PGPNet-OBSD]
Phase= 2
ISAKMP-peer= PGPNet_Config
Configuration= Default-quick-mode
Local-ID= Net-YourNet
Remote-ID= Net-PGPClient

[Net-YourNet]
ID-type= IPV4_ADDR_SUBNET
Network= Your_Network_Broadcast_Address
Netmask= Your_Network_Netmask

[Net-PGPClient]
ID-type= IPV4_ADDR
Address= 0.0.0.0
Netmask= 255.255.255.255

This should make the whole thing work. Just fill in the entries with your
personal IP's and stuff...

Regards,
____________________
Patrick Ethier
patrick at secureops.com
[ It doesn't matter if you don't know where you're going....]
[ As long as you get there --- DrBones ]
-----Original Message-----
From: Jonas Eriksson [mailto:je at sekure.net]
Sent: Monday, January 03, 2000 11:17 AM
To: Patrick Ethier
Subject: RE: PGPnet
OK, I've read your mail that you posted earlier on the openbsd
misc list (how you set up your PGPnet).
So, I have changed all that in PGPnet.
Thanks,
-- Jonas Eriksson
je at sekure.net
On Mon, 3 Jan 2000, Patrick Ethier wrote:
> Just a wild guess here, but if you got an invalid payload it is because your
> encryption transforms for phase 2 (aka quick mode) are invalid. The default
> for PGPNet is CAST-MD5, the default for openbsd is 3DES-SHA.
>
> Try changing the IPSEC section of PGPNet to match the quick mode transform
> of OpenBSD.
>
>
> If you look on my VPN website, (www.secureops.com/resources) you'll get all
> the explanation you need to get it working. Simply replace all remote IP's
> with 0.0.0.0 and in the [NET-] section use an ID-type= IPV4_ADDR with
> Address= 0.0.0.0 and Netmask=255.255.255.255
>
> That should work.
>
> I'll post my isakmpd.conf and isakmpd.policy file for you soon (I just need
> to blank out the IP's.)
>
> Regards,
>
> ____________________
> Patrick Ethier
> patrick at secureops.com
>
> [ It doesn't matter if you don't know where you're going....]
> [ As long as you get there --- DrBones ]
>
>
>
> -----Original Message-----
> From: Jonas Eriksson [mailto:je at sekure.net]
> Sent: Saturday, January 01, 2000 11:24 PM
> To: Patrick Ethier
> Subject: PGPnet
>
>
>
> Hi,
>
> I noticed on the openbsd mailing list that you got PGPnet to work
> with isakmpd.
>
> Can you send me your isakmpd.conf and isakmpd.policy?
>
> I've got this error while trying to connect:
>
> 052005.362795 Default message_parse_payloads: invalid next payload type
> 116 in payload of type 5
> 052005.362911 Default dropped message from 193.15.98.52 port 500 due to
> notification type INVALID_PAYLOAD_TYPE
>
>
>
> --
> Regards jonas
>
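
An added example (not part of the original messages and not code from the isakmpd project): a small Python check to run over the merged isakmpd.conf after pasting in the fragment above. It reports unfilled `Your_` placeholders, references to sections that are not defined in the file, and a 0.0.0.0 peer address combined with a shared passphrase; the list of reference tags, the function names and the embedded sample are assumptions based on the fragment as posted.

```python
import re

# Constructed sample, abbreviated from the message above ([Net-YourNet] omitted).
SAMPLE = """\
[Phase 1]
Default= PGPNet_Config
[PGPNet_Config]
Local-address= Your_OBSD_IP_Address
Address= 0.0.0.0
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[PGPNet-OBSD]
ISAKMP-peer= PGPNet_Config
Configuration= Default-quick-mode
Local-ID= Net-YourNet
Remote-ID= Net-PGPClient
[Net-PGPClient]
Address= 0.0.0.0
"""
# Assumption: these are the tags in the posted fragment whose value names a section.
REF_TAGS = {"Default", "ISAKMP-peer", "Configuration", "Local-ID", "Remote-ID"}

def parse(text):
    """Return {section: {tag: value}} from '[section]' / 'Tag= value' lines."""
    sections, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = sections.setdefault(m.group(1), {})
        elif cur is not None and "=" in line and not line.startswith("#"):
            tag, value = line.split("=", 1)
            cur[tag.strip()] = value.strip()
    return sections

def lint(text):
    """Return sorted (section, tag, problem) findings for the merged config."""
    conf, out = parse(text), []
    for sec, tags in conf.items():
        for tag, val in tags.items():
            if tag in REF_TAGS and val not in conf:
                out.append((sec, tag, "undefined section " + val))
            if val.startswith("Your_"):
                out.append((sec, tag, "placeholder not filled in"))
            if tag == "Address" and val == "0.0.0.0" and "Authentication" in tags:
                out.append((sec, tag, "wildcard peer address with a shared passphrase"))
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(": ".join(f) for f in lint(SAMPLE)))
```

On the fragment alone, `Default-main-mode` and `Default-quick-mode` are reported as undefined because the message expects them to exist already in the rest of the file; run the check on the complete file to confirm they do.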