DaemonForums  

#1
25th May 2012
sparky
OpenBSD 5.1 ipsec pre-shared key not sending?

Hi,

I recently managed to configure an IPSEC over GRE tunnel between a Cisco router and OpenBSD 5 RELEASE 64bit edition.


I am now attempting to do the same between OpenBSD 5.1 x64 RELEASE; however, the router is complaining that OpenBSD isn't sending the 'pre-shared-key'?


My previous posting for the initial configuration was here:

http://www.daemonforums.org/showthread.php?t=6911


ipsec.conf file having permissions 600 has this inside it:

Code:
ike esp from 0.0.0.0/0 to 0.0.0.0/0 peer 192.168.0.1 main auth hmac-md5 enc 3des group modp1536 \
quick auth hmac-md5 enc 3des psk "secret"

The "secret" after "psk" has been put in properly; however, for some reason the Cisco is complaining that it isn't being sent?

This is a different router using a different IOS version, so that might have something to do with it, though it is unlikely as the configuration of both systems is the same with only the IP addresses and pre-shared-key different.


Outside of /var/log/daemon, where do ipsec and isakmp log to?


Can anyone help me out or suggest anything?


Thanks.
#2
25th May 2012
jggimi

I recommend polling a wider audience. IPSec use among active members here is relatively tiny, and our knowledge thin. *

Consider posting to the misc@ mailing list. See http://www.openbsd.org/mail.html for guidance if you are unfamiliar with the Project mailing lists.

* I use IPSec, but I employ simple ipsec.conf(5) configurations, and neither gre(4) nor Cisco products are involved.

Last edited by jggimi; 25th May 2012 at 12:10 PM.
#3
25th May 2012
sparky

Ok thanks!

I have used the misc mailing list before but it's not that welcoming and can be quite a hostile environment.
#4
25th May 2012
ocicat
Quote:
Originally Posted by sparky
I have used the misc mailing list before but it's not that welcoming and can be quite a hostile environment.
Perhaps, & especially for those who have not done their homework, but those who can articulate their situations with technical accuracy, the depth of knowledge expressed by the developers is not seen anywhere else.
#5
25th May 2012
sparky

I understand that; however, if someone is inexperienced and hasn't been around for long, a lot of mistakes can be made or confusion caused.


I do accept, though, that research should be done so that one ends up giving as much information as possible, otherwise how can someone trying to help 'read the OP's mind'?

And yeah, the level of knowledge is exceptionally high! ....it's almost scary


As to my issue, considering nothing on the ipsec.conf part changed from OpenBSD 5.0 to 5.1, the problem might be the Cisco IOS itself.

The Cisco device does seem to be behaving strangely when put into certain scenarios.