Both remote sites have identical routers, Cisco RV042, which can have up to 50 VPNs, but I can't seem to get the second VPN to connect to my home OpenBSD box.
Network A: My OpenBSD Router
Network B: Cisco RV042
Network C: Cisco RV042
Working VPN between A&B, and B&C but no go for A&C. I restarted my firewall after adding the entries for A&C. Do I need to reboot for the changes to take effect in ipsec.conf or is there a way to restart that? After editing ipsec.conf I ran this and got this output but A&C won't connect.
Code:
# isakmpd -K
# ipsecctl -f /etc/ipsec.conf
ipsecctl: ike_ipsec_establish: open(/var/run/isakmpd.fifo): No such file or directory
|
||||
The error message is telling you that isakmpd is not running. The .fifo file is a command channel.
Check for isakmpd error messages in /var/log/daemon. You can add the -v option to produce more detailed output, and if you want you can run it with -d so that it does not daemonize, and produces its output in the shell.
|
||||
There may be. You can flush (-F) the configuration before reloading it. However, I found better stability by restarting isakmpd before reloading the configuration.
I recommend you use rc.d(8) to restart services such as isakmpd. Upon successful restart, you can then issue a reload of the configuration.
|
||||
Oko, if you are referring to netstart(8), I don't believe either isakmpd or ipsecctl are within its scope.
Last edited by jggimi; 5th April 2014 at 02:56 AM. Reason: typo
|
||||
Well I've Googled myself to death but can't seem to solve this one. The two VPNs I set up won't allow me to share PC or server resources. I can ping, connect, install and print to all the remote IP printers, I can ping and login to all the remote network gear (routers & WAPs) but I can't ping or connect to servers and PCs. The servers and PCs are all Windows. Windows 7 on the PCs and Windows Server on the servers.
Network A: OpenBSD Router
Network B: Cisco RV042 Router
Network C: Cisco RV042 Router
The VPN between B&C has full access to each other's resources but between A&B and A&C no access to servers and PCs. It would appear the problem lies somewhere in my OpenBSD box but I can't figure it out. Can anyone point me in the right direction as to what I'm doing wrong?
|
|||
My approach would be to use tcpdump(8) on the OpenBSD box in verbose mode. That will display a lot of information about the VPN packets, which encryption methods are available and which one is actually chosen.
In case it would be a routing issue, you also will be able to see which side does not send a reply. With a default policy of block log all and/or enabling logging of the rules allowing the VPN traffic you could watch the pflog device with tcpdump to make sure the firewall ruleset is not dropping VPN packets. By wiretapping with tcpdump(8) you also can verify whether DNS is working within the VPN. (In case you are using that.)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
||||
I'm going to take a wild guess that IP forwarding may not be enabled, since the symptom could indicate that and forwarding is disabled by default. See FAQ 6.2.7.
Once that's confirmed, follow J65nko's advice regarding testing PF rules. You may need to deploy pass rules in pf.conf for the traffic you wish to enable. You're passing ESP packets for the VPN and UDP for key management, but not passing any underlying traffic between the interconnected networks. That may be the reason for the communication failure.
Last edited by jggimi; 7th April 2014 at 10:56 AM. Reason: typo, clarity
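An added example, not part of the thread or any poster's code: a shell function that summarises blocked packets from pflog output, so tunnelled LAN traffic dropped by PF stands out next to the ESP and key-management packets that pass. The sample lines, addresses and the enc0/em0 interface names are constructed, and the parser assumes IPv4 and the field layout noted in the comments.

```shell
#!/bin/sh
# On the OpenBSD router the input would come from:
#   tcpdump -n -e -ttt -i pflog0
# SAMPLE is constructed for illustration; every address is made up.
SAMPLE='Apr 07 10:41:02.101000 rule 0/(match) block in on enc0: 192.168.2.20.49211 > 192.168.1.10.445: S 1:1(0) win 8192
Apr 07 10:41:03.201000 rule 0/(match) block in on enc0: 192.168.2.20.49211 > 192.168.1.10.445: S 1:1(0) win 8192
Apr 07 10:41:05.007000 rule 4/(match) pass in on em0: 203.0.113.7.500 > 198.51.100.2.500: isakmp v1.0 exchange ID_PROT
Apr 07 10:41:05.300000 rule 5/(match) pass in on em0: esp 203.0.113.7 > 198.51.100.2 spi 0x1a2b3c4d seq 12 len 100
Apr 07 10:41:09.450000 rule 0/(match) block in on enc0: 192.168.2.20 > 192.168.1.10: icmp: echo request'

# Reads pflog text on stdin and prints one line per blocked flow:
#   COUNT IFACE DIR SRC -> DST port PORT     (PORT is "-" when there is none)
blocked_summary() {
    awk '
    {
        # Locate the "rule" token; the timestamp width before it can vary.
        r = 0
        for (i = 1; i <= NF; i++) if ($i == "rule") { r = i; break }
        # Assumed layout: rule N/(match) ACTION DIR on IFACE: SRC > DST: ...
        if (!r || $(r + 2) != "block" || $(r + 7) != ">") next

        dir = $(r + 3)
        iface = $(r + 5); sub(/:$/, "", iface)
        src = $(r + 6)
        dst = $(r + 8); sub(/:$/, "", dst)

        # tcpdump prints TCP/UDP endpoints as a.b.c.d.port; drop the
        # ephemeral source port and split off the destination port.
        if (split(src, s, ".") == 5) src = s[1] "." s[2] "." s[3] "." s[4]
        port = "-"
        if (split(dst, d, ".") == 5) {
            port = d[5]
            dst = d[1] "." d[2] "." d[3] "." d[4]
        }
        count[iface " " dir " " src " -> " dst " port " port]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | blocked_summary
```

Blocked entries on the enc interface with LAN source and destination addresses mean the tunnel itself is up and the ruleset lacks a pass rule for the inner traffic.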