Using certificates with isakmpd?

Patrick Ethier patrick at SECUREOPS.COM
Wed Jan 19 12:59:48 EST 2000


Hi guys,


 I've been looking at your attempts on the list to sort out the x509
certificate stuff with OBSD and IKE. As far as I can tell, it seems that the
source code has to be synchronized with the --current libraries. Until that
happens, it is no longer just a simple configuration or certificate
generation issue but a programming issue as well. I haven't attempted to do
the certificate stuff yet but I hope one of you people will give us access
to your findings when it is done.

 On the subject of creating policy files, I found this little trick that I
use to verify if it is my config or my policy that is stopping things from
working.
Use netstat -p esp
or netstat -p tcp

It'll give you some fun little facts about the incoming and outgoing packets
such as how many packets were dropped because of no matching policy.

Another note. I got into contact with NAI about their PGP VPN client. It
seems that the latest release was actually tested with OpenBSD ISAKMP and is
supposed to be able to establish Host to Lan communications properly. The
version is 6.5.3.


Regards,

Patrick Ethier
patrick at secureops.com

VPN is sponsored by SecurityFocus.COM