PGPnet

Patrick Ethier patrick at SECUREOPS.COM
Mon Jan 3 12:01:19 EST 2000


Ok,


 Now add the following to your /etc/isakmpd/isakmpd.conf

[Phase 1]
Default=	PGPNet_Config

[Phase 2]
Default=	PGPNet-OBSD

[PGPNet_Config]
Phase= 1
Transport= udp
Local-address= Your_OBSD_IP_Address
Address= 0.0.0.0
Configuration= Default-main-mode
Authentication= mekmitasdigoat
#Flags=

[PGPNet-OBSD]
Phase= 2
ISAKMP-peer= PGPNet_Config
Configuration= Default-quick-mode
Local-ID= Net-YourNet
Remote-ID= Net-PGPClient

[Net-YourNet]
ID-type=	IPV4_ADDR_SUBNET
Network=	Your_Network_Broadcast_Address
Netmask=	Your_Network_Netmask

[Net-PGPClient]
ID-type=	IPV4_ADDR
Address=	0.0.0.0
Netmask=	255.255.255.255


This should make the whole thing work. Just fill in the entries with your
personal IPs and stuff...

Regards,

____________________
Patrick Ethier
patrick at secureops.com

[ It doesn't matter if you don't know where you're going....]
[ As long as you get there --- DrBones                           ]



-----Original Message-----
From: Jonas Eriksson [mailto:je at sekure.net]
Sent: Monday, January 03, 2000 11:17 AM
To: Patrick Ethier
Subject: RE: PGPnet



Ok, I've read your mail that you posted earlier on the openbsd
misc list (how you set up your PGPnet)

So, I have changed all that in PGPnet.

Thanks,

-- Jonas Eriksson
   je at sekure.net

On Mon, 3 Jan 2000, Patrick Ethier wrote:

> Just a wild guess here, but if you got an invalid payload it is because your
> encryption transforms for phase 2 (aka quick mode) are invalid. The default
> for PGPNet is CAST-MD5, the default for openbsd is 3DES-SHA.
>
>  Try changing the IPSEC section of PGPNet to match the quick mode transform
> of OpenBSD.
>
>
>  If you look on my VPN website, (www.secureops.com/resources) you'll get all
> the explanation you need to get it working. Simply replace all remote IPs
> with 0.0.0.0 and in the [NET-] section use a ID-type= IPV4_ADDR with
> Address= 0.0.0.0 and Netmask=255.255.255.255
>
> That should work.
>
> I'll post my isakmpd.conf and isakmpd.policy file for you soon (I just need
> to blank out the IPs.)
>
> Regards,
>
> ____________________
> Patrick Ethier
> patrick at secureops.com
>
> [ It doesn't matter if you don't know where you're going....]
> [ As long as you get there --- DrBones                           ]
>
>
>
> -----Original Message-----
> From: Jonas Eriksson [mailto:je at sekure.net]
> Sent: Saturday, January 01, 2000 11:24 PM
> To: Patrick Ethier
> Subject: PGPnet
>
>
>
> Hi,
>
> I noticed on the openbsd mailing list that you got PGPnet to work
> with isakmpd.
>
> Can you send me your isakmpd.conf and isakmpd.policy?
>
> I've got this error while trying to connect:
>
> 052005.362795 Default message_parse_payloads: invalid next payload type 116 in payload of type 5
> 052005.362911 Default dropped message from 193.15.98.52 port 500 due to notification type INVALID_PAYLOAD_TYPE
>
>
>
> --
> Regards jonas
>
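
An added example, not part of the original thread: a small audit of an isakmpd.conf built from the template posted above, flagging the three things to change before deployment (the pre-shared key that now appears in a public list post, unfilled `Your_*` placeholders, and a Phase 1 peer left at 0.0.0.0). The function names, the `PUBLISHED_KEYS` set and the finding texts are assumptions of this example, as is treating 0.0.0.0 as "not pinned to one host".

```python
import re

# Assumption: a pre-shared key that was posted to a public list is not a secret.
PUBLISHED_KEYS = {"mekmitasdigoat"}
PLACEHOLDER = re.compile(r"^Your_", re.IGNORECASE)


def parse_conf(text):
    """Parse isakmpd.conf-style text into {section: {tag: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip()] = value.strip()
    return sections


def audit(text):
    """Return sorted (section, tag, finding) tuples for risky settings."""
    findings = []
    for name, tags in parse_conf(text).items():
        for tag, value in tags.items():
            if PLACEHOLDER.match(value):
                findings.append((name, tag, "placeholder not filled in"))
        if tags.get("Phase") == "1":
            if tags.get("Authentication") in PUBLISHED_KEYS:
                findings.append((name, "Authentication", "published pre-shared key"))
            if tags.get("Address") == "0.0.0.0":
                findings.append((name, "Address", "peer not pinned to one host"))
    return sorted(findings)


# Constructed sample: a trimmed copy of the Phase 1 section from the post.
SAMPLE = """\
[PGPNet_Config]
Phase= 1
Local-address= Your_OBSD_IP_Address
Address= 0.0.0.0
Authentication= mekmitasdigoat
#Flags=
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s: %s" % finding)
```
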
