View Single Post
  #1   (View Single Post)  
Old 6th August 2012
xeniades xeniades is offline
New User
 
Join Date: Aug 2012
Posts: 5
Unhappy Negotiation of IPsec SA

hi everyone !
nice to see that there is a forum related to openbsd !...

i have only a basic question about the VPN/IPsec implementation in openbsd 4.x - specially for ISAKMP exchanges in phase 2. it seems that this is different from other OS or vendors.
>> does openbsd accept in phase 2 a remote-subnet, which is not configured as a reachable subnet through vpn ? <<
That means subnet A and B should be reached via vpn. A and B is configured on both sides. The client (ex. netscreen) sends also a subnet C to responder (openbsd), and openbsd agreed subnet C in phase 2 even subnet C is not configured in openbsd as vpn remote-subnet.
Or is this just a problem of the configuration of openbsd, isakmpd.conf... ?
thanks a lot for your answer.
vpn is established by mainmode and preshared key.

Reply With Quote