OpenBSD Security: Functionally paranoid!
After all this time and no "hello welcome" message let alone support
Nevermind..... <siiiiiigggghhhhh>

Here's the solution in case anyone needs it in the future:

Because Cisco ISR routers are primarily meant to be connected to the network WAN edge as gateway or other edge devices, it seems that the IOS product groups didn't decide to implement a way to be able to manipulate or alter the ISAKMP Phase-2 header or initiator ID field within the crypto packets. So using a quick crash-course in Engineering Psych 101; using the P2 header of "ANY to ANY" seemed more efficient and less troublesome.

This means for interoperability that other manufacturers need to have the same ISAKMP implementation mentality or a way to be able to manipulate or adjust the P2 header in order to be able to sync-up with the ISR range. Since OpenBSD isn't a product but instead a very powerful operating system this feature should definitely be implemented!!

By using the /etc/ipsec.conf configuration parameter string of:

Code:
ike esp from 0.0.0.0/0 to 0.0.0.0/0 peer 192.168.0.1 main auth hmac-md5 enc 3des group modp1536 \
	quick auth hmac-md5 enc 3des psk "secret"

Just for justification purposes; the P2 headers are defined by the "from" and "to" statements. Once that has been issued the connection then establishes without any further ado!

Please see the attached images for confirmation.

Last edited by ocicat; 10th March 2012 at 04:59 PM. Reason: corrected formatting
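A small checker for the point made in the post above, that the phase-2 identities come from the "from" and "to" statements: it parses the rule and compares those networks with what the peer expects. This is an added example, not code from the thread or from OpenBSD; `parse_ike_rules`, `audit` and the `LEGACY` set are hypothetical names, and the any-to-any peer default is taken from the post.

```python
import ipaddress
import shlex

# Constructed sample input: the single rule quoted in the post above.
SAMPLE = '''ike esp from 0.0.0.0/0 to 0.0.0.0/0 peer 192.168.0.1 main auth hmac-md5 enc 3des group modp1536 \\
\tquick auth hmac-md5 enc 3des psk "secret"
'''
# Assumption of this example: transforms it reports as legacy.
LEGACY = {"auth": {"hmac-md5"}, "enc": {"3des"}}

def parse_ike_rules(text):
    """Parse simple 'ike' rules: one network per side, no {lists} or NAT forms."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        tok = shlex.split(line, comments=True)
        if not tok or tok[0] != "ike":
            continue
        rule, phase, it = {"main": {}, "quick": {}, "psk": False}, None, iter(tok[1:])
        for key in it:
            if key in ("main", "quick"):
                phase = key
            elif key in ("from", "to", "peer"):
                rule[key] = next(it, None)
            elif key in ("auth", "enc", "group") and phase:
                rule[phase][key] = next(it, None)
            elif key == "psk":
                next(it, None)        # skip the secret, record presence only
                rule["psk"] = True
        rules.append(rule)
    return rules

def audit(rule, peer_local="0.0.0.0/0", peer_remote="0.0.0.0/0"):
    """Check our phase-2 IDs against the peer's and flag legacy transforms."""
    net = lambda s: ipaddress.ip_network(s, strict=False)
    ours = (net(rule["from"]), net(rule["to"]))
    # The peer's remote network is our "from"; its local network is our "to".
    expected = (net(peer_remote), net(peer_local))
    findings = []
    if ours != expected:
        findings.append(f"phase-2 ID mismatch: ours {ours[0]}->{ours[1]}, "
                        f"peer expects {expected[0]}->{expected[1]}")
    if all(n.prefixlen == 0 for n in ours):
        findings.append("any-to-any selector: every IPv4 packet matches this flow")
    for phase in ("main", "quick"):
        for kind, legacy in LEGACY.items():
            if rule[phase].get(kind) in legacy:
                findings.append(f"{phase} {kind} {rule[phase][kind]}: legacy transform")
    return findings

if __name__ == "__main__":
    for r in parse_ike_rules(SAMPLE):
        print(r["peer"], *audit(r), sep="\n  ")
```

Passing the peer's actual local and remote networks to `audit` shows whether a narrower "from"/"to" pair would still match what the other side proposes.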
|
|||
Quote:
Nice that you got it working. I think the reason for the lack of replies might be that not that many people here have experience with setting up IPsec between OpenBSD and "other" devices. :/
|
||||
Quote:
If engineer qualified for company x then always engineer of company x and there's no changing it. I tend to be a bit eclectic in that sense that I learn what I like and/or what I feel is interesting. But hopefully this posting may help someone further on down the line........

Now off to go build a PPPoE server and client to simulate an ISP's PoP server.

....oh did I mention that I have been using OpenBSD properly for around 1 week???? haha

P.s. since the tac of this forum don't let me edit my posts would it be kindly possible for a moderator or so to change this malformed line:
Quote:
Thanks!
|
|||
Quote:
New members to this site are restricted from some features as a security measure against spammers. These restrictions are lifted once members get above a predetermined number of posts. We apologize to new members for the inconvenience, but it is only temporary as credibility is established.
|
||||
Many thanks!
Quote:
Uh I'm so excited now to build this router of mine, basically the hardware I picked can actually route at 10Gbps.... well just under as it seems to be a limitation with x64 architecture but it's nice to see OpenBSD can easily kick Cisco's ASCII.

Oh and how cool is it when people ask: "what router have you got?" to just reply with: "I designed and built it myself"

Though I am still 3 years away from 1Gbps residential internet and metro ethernet is too expensive.