Date: Wed, 23 Jun 2010 10:37:18 +0200 From: <ralf@dzie-ciuch.pl> To: VANHULLEBUS Yvan <vanhu@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: vpn trouble Message-ID: <a5c9ad94743d6f4d709ce181fb5b1894@ewipo.pl> In-Reply-To: <20100623083228.GA74453@zeninc.net> References: <20100622153541.GA72211@zeninc.net> <6caa9895ae1710b9f48a227116a4340c@ewipo.pl> <20100622190819.270aaa74@gda-arsenic> <4f378cfb416582c3081377ba714e508a@ewipo.pl> <20100622201130.5824d585@gda-arsenic> <20100622182242.GU2620@verio.net> <20100622204107.6c604c17@gda-arsenic> <e0ec3f73645a733f318ba5664abf6472@ewipo.pl> <20100623080555.GB74303@zeninc.net> <5e8d1141ecf3d922c00114e41585a67f@ewipo.pl> <20100623083228.GA74453@zeninc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 23 Jun 2010 10:32:29 +0200, VANHULLEBUS Yvan <vanhu@FreeBSD.org> wrote: > On Wed, Jun 23, 2010 at 10:28:48AM +0200, ralf@dzie-ciuch.pl wrote: >> Ok I found that my psk.txt has got wrong permissions > > Yes, we'll have to set up a more explicit error message when psk file > has wrong permissions..... Ok. I fix it using chmod 0600 psk.txt > > >> Now I can get SAD keys! >> >> ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500] >> spi:8a8881ee5182cbfb:53dab6ad5a65629d > > According to that log, you coud establish an IsakmpSA, so only the > phase1 is ok.... > > Do you also have later some logs like: > <date>: INFO : IPsec-SA established: ESP/Tunnel <IPs> <SPI> > Yes I got: 2010-06-23 10:18:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540) 2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd64d540) 2010-06-23 10:18:06: INFO: IPsec-SA established: ESP/Tunnel 78.x.x.x[0]->95.x.x.x[0] spi=3926551409(0xea0a6b71) 2010-06-23 10:25:30: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) 2010-06-23 10:25:30: DEBUG: pfkey GETSPI sent: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] 2010-06-23 10:25:30: DEBUG: pfkey GETSPI succeeded: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=126966409(0x7915a89) Is it good? Ralf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a5c9ad94743d6f4d709ce181fb5b1894>