21st July 2009
jggimi

Quote:
I'm looking for isakmpd.conf, I haven't it ...
You are using ipsecctl, and will not use an isakmpd.conf file. You are using the "-K" option with isakmpd; your configuration is in ipsec.conf instead. You should read man pages when you are confused.
Quote:
-K When this option is given, isakmpd does not read the policy configuration file and no keynote(4) policy check is accomplished. This option can be used when policies for flows and SA establishment are arranged by other programs like ipsecctl(8) or bgpd(8).
The error you are seeing:
Code:
isakmpd[29133] : udp_create : no address configured for "peer defaut"
is related to your ipsec.conf. Let's review it. If what you posted, above, is its exact contents:
Code:
ike dynamic from any to any \
 main auth hmac-sha1 enc aes group modp1024
 quick auth hmac-sha1 enc aes psk 123456A
It is missing a continuation "\" on the second line, preventing the third line from being used, and should have produced an error message when ipsecctl(8) attempted to configure it. It is using dynamic keying, which is inappropriate for gateways. It is using "peer default", which appears to be a problem, also.

Let me guess... you found this configuration in a "howto" somewhere on the Internet?
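An added example, not part of jggimi's post or of OpenBSD's tools: a small Python check that joins backslash-continued lines and reports any logical line that does not begin a rule, which is what the missing "\" described above leaves behind. The keyword list is an assumption based on ipsec.conf(5), and the function names are hypothetical.

```python
import re

# Statement keywords that may begin a rule, per ipsec.conf(5); treated here
# as an assumption of this example rather than a complete grammar.
RULE_KEYWORDS = {"ike", "flow", "esp", "ah", "ipcomp", "tcpmd5", "include"}
MACRO = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*\s*=')

def logical_lines(text):
    """Join physical lines whose last character is a backslash.
    Yields (first_physical_line_number, joined_text)."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):  # backslash must be the very last character
            buf.append(raw[:-1])
            continue
        buf.append(raw)
        yield start, " ".join(part.strip() for part in buf).strip()
        buf, start = [], None
    if buf:  # file ended right after a trailing backslash
        yield start, " ".join(part.strip() for part in buf).strip()

def find_orphans(text):
    """Return (line_number, text) for logical lines that do not start a rule,
    which is what a dropped continuation backslash leaves behind."""
    orphans = []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first not in RULE_KEYWORDS and not MACRO.match(line):
            orphans.append((no, line))
    return orphans

# The rule as posted in the thread (second line lacks the trailing backslash).
POSTED = ('ike dynamic from any to any \\\n'
          ' main auth hmac-sha1 enc aes group modp1024\n'
          ' quick auth hmac-sha1 enc aes psk 123456A\n')
# Same rule with only the continuation restored; no other issue is addressed.
CONTINUED = POSTED.replace("modp1024\n", "modp1024 \\\n")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("continued", CONTINUED)):
        print(label, find_orphans(conf))
```

On an OpenBSD system, `ipsecctl -n -f /etc/ipsec.conf` parses the file without loading it.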