PGPnet
Patrick Ethier
patrick at SECUREOPS.COM
Mon Jan 3 12:27:59 EST 2000
It works with the Freeware version also... The only problem is you cannot
access anything beyond the security gateway. Simply put, it only supports
Point-To-Point between the client and the security gateway... It makes the
freeware version virtually useless unless you want to share files between 2
computers on win9X boxes across the Internet.
I guess NAI looks upon anybody connecting to a Remote Network as a
Corporate Client (They are probably right in a sense). I call it a Marketing
Scandal.
Anyways, I'm still waiting for a decent price quotation from NAI for the
PGPVPN client. Does anybody know of a "Free" or "OpenSourced" or "GPL"
client equivalent that will install on win9X/NT??
-----Original Message-----
From: Luke Renn [mailto:lrenn at etci.com]
Sent: Monday, January 03, 2000 12:12 PM
To: Patrick Ethier
Cc: misc at openbsd.org
Subject: Re: PGPnet
now all we have to do is get it to work with the *freeware* version of
PGPnet :)
Luke
----- Original Message -----
From: Patrick Ethier <patrick at secureops.com>
To: 'Luke Renn' <lrenn at etci.com>; Patrick Ethier <patrick at secureops.com>;
'Jonas Eriksson' <je at sekure.net>
Cc: <misc at openbsd.org>; <vpn at securityfocus.com>
Sent: Monday, January 03, 2000 12:16 PM
Subject: RE: PGPnet
> Probably,
>
> But Jonas says he set everything right in PGPNet. If PFS isn't on, he'll
> get INVALID_PAYLOAD_TYPE because the IPSec proposals do not match.
>
>
> Make sure you have 3DES-SHA for transforms on both IKE and IPSEC in PGPNet
> and that PFS is set to 1024. (Make sure also that AH is disabled and the ESP
> is enabled).
>
>
>
>
> -----Original Message-----
> From: Luke Renn [mailto:lrenn at etci.com]
> Sent: Monday, January 03, 2000 12:04 PM
> To: Patrick Ethier; 'Jonas Eriksson'
> Cc: misc at openbsd.org; vpn at securityfocus.com
> Subject: Re: PGPnet
>
>
> not sure, but i think the DEFAULT_PAYLOAD_TYPE from the original post is due
> to not having perfect forward security set to 1024 in PGPnet options.
>
> Just a thought,
>
> Luke
>
> (Could be wrong)
> ----- Original Message -----
> From: Patrick Ethier <patrick at secureops.com>
> To: 'Jonas Eriksson' <je at sekure.net>
> Cc: <misc at openbsd.org>; <vpn at securityfocus.com>
> Sent: Monday, January 03, 2000 12:01 PM
> Subject: RE: PGPnet
>
>
> > Ok,
> >
> >
> > Now add the following to your /etc/isakmpd/isakmpd.conf
> >
> > [Phase 1]
> > Default= PGPNet_Config
> >
> > [Phase 2]
> > Default= PGPNet-OBSD
> >
> > [PGPNet_Config]
> > Phase= 1
> > Transport= udp
> > Local-address= Your_OBSD_IP_Address
> > Address= 0.0.0.0
> > Configuration= Default-main-mode
> > Authentication= mekmitasdigoat
> > #Flags=
> >
> > [PGPNet-OBSD]
> > Phase= 2
> > ISAKMP-peer= PGPNet_Config
> > Configuration= Default-quick-mode
> > Local-ID= Net-YourNet
> > Remote-ID= Net-PGPClient
> >
> > [Net-YourNet]
> > ID-type= IPV4_ADDR_SUBNET
> > Network= Your_Network_Broadcast_Address
> > Netmask= Your_Network_Netmask
> >
> > [Net-PGPClient]
> > ID-type= IPV4_ADDR
> > Address= 0.0.0.0
> > Netmask= 255.255.255.255
> >
> >
> > This should make the whole thing work. Just fill in the entries with your
> > personal IP's and stuff...
> >
> > Regards,
> >
> > ____________________
> > Patrick Ethier
> > patrick at secureops.com
> >
> > [ It doesn't matter if you don't know where you're going....]
> > [ As long as you get there --- DrBones ]
> >
> >
> >
> > -----Original Message-----
> > From: Jonas Eriksson [mailto:je at sekure.net]
> > Sent: Monday, January 03, 2000 11:17 AM
> > To: Patrick Ethier
> > Subject: RE: PGPnet
> >
> >
> >
> > Ok, i've read your mail that you posted earlier on the openbsd
> > misc list (how you set up your PGPnet)
> >
> > So, i have changed all that in PGPnet.
> >
> > Thanks,
> >
> > -- Jonas Eriksson
> > je at sekure.net
> >
> > On Mon, 3 Jan 2000, Patrick Ethier wrote:
> >
> > > Just a wild guess here, but if you got an invalid payload it is because
> > > your encryption transforms for phase 2 (aka quick mode) are invalid. The
> > > default for PGPNet is CAST-MD5, the default for openbsd is 3DES-SHA.
> > >
> > > Try changing the IPSEC section of PGPNet to match the quick mode transform
> > > of OpenBSD.
> > >
> > >
> > > If you look on my VPN website, (www.secureops.com/resources) you'll get
> > > all the explanation you need to get it working. Simply replace all remote
> > > IP's with 0.0.0.0 and in the [NET-] section use a ID-type= IPV4_ADDR with
> > > Address= 0.0.0.0 and Netmask=255.255.255.255
> > >
> > > That should work.
> > >
> > > I'll post my isakmpd.conf and isakmpd.policy file for you soon (I just need
> > > to blank out the IP's.)
> > >
> > > Regards,
> > >
> > > ____________________
> > > Patrick Ethier
> > > patrick at secureops.com
> > >
> > > [ It doesn't matter if you don't know where you're going....]
> > > [ As long as you get there --- DrBones ]
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Jonas Eriksson [mailto:je at sekure.net]
> > > Sent: Saturday, January 01, 2000 11:24 PM
> > > To: Patrick Ethier
> > > Subject: PGPnet
> > >
> > >
> > >
> > > Hi,
> > >
> > > I noticed on the openbsd mailing list that you got PGPnet to work
> > > with isakmpd.
> > >
> > > Can you send me your isakmpd.conf and isakmpd.policy?
> > >
> > > I've got this error while trying to connect:
> > >
> > > 052005.362795 Default message_parse_payloads: invalid next payload type
> > > 116 in payload of type 5
> > > 052005.362911 Default dropped message from 193.15.98.52 port 500 due to
> > > notification type INVALID_PAYLOAD_TYPE
> > >
> > >
> > >
> > > --
> > > Regards jonas
> > >
> >
>
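Added example, not part of the thread and not isakmpd's own code: a small decoder for the two log lines quoted in the original question, naming the ISAKMP payload types by their RFC 2408 numbers and pairing the parse failure with the drop notice that follows it. The function names (`describe`, `correlate`) are hypothetical, and the log format is assumed to match the two lines quoted above.

```python
import re

# ISAKMP payload type numbers as assigned in RFC 2408, section 3.1.
PAYLOAD_NAMES = {
    0: "NONE", 1: "SA", 2: "PROPOSAL", 3: "TRANSFORM", 4: "KEY_EXCH",
    5: "ID", 6: "CERT", 7: "CERT_REQ", 8: "HASH", 9: "SIG",
    10: "NONCE", 11: "NOTIFY", 12: "DELETE", 13: "VENDOR",
}

# Constructed sample: the two log lines quoted in the thread, unwrapped.
SAMPLE_LOG = """\
052005.362795 Default message_parse_payloads: invalid next payload type 116 in payload of type 5
052005.362911 Default dropped message from 193.15.98.52 port 500 due to notification type INVALID_PAYLOAD_TYPE
"""

BAD_NEXT = re.compile(r"invalid next payload type (\d+) in payload of type (\d+)")
DROPPED = re.compile(r"dropped message from (\S+) port (\d+) due to notification type (\w+)")


def describe(ptype):
    """Name a payload type, or say which unassigned range it falls in."""
    if ptype in PAYLOAD_NAMES:
        return PAYLOAD_NAMES[ptype]
    if 14 <= ptype <= 127:
        return "RESERVED"
    if 128 <= ptype <= 255:
        return "PRIVATE_USE"
    return "OUT_OF_RANGE"


def correlate(log_text):
    """Pair each parse failure with the drop notice that follows it."""
    events, pending = [], None
    for line in log_text.splitlines():
        m = BAD_NEXT.search(line)
        if m:
            nxt, cur = int(m.group(1)), int(m.group(2))
            pending = {"in_payload": describe(cur), "next_value": nxt,
                       "next_class": describe(nxt)}
            continue
        m = DROPPED.search(line)
        if m and pending is not None:  # ignore drops with no parse error before them
            pending.update(peer=m.group(1), port=int(m.group(2)),
                           notification=m.group(3))
            events.append(pending)
            pending = None
    return events


if __name__ == "__main__":
    for event in correlate(SAMPLE_LOG):
        print(event)
```

On the quoted lines this reports that the value 116 was read from the next-payload field of an ID payload (type 5) and that 116 lies in the range RFC 2408 leaves reserved.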