OpenBSD Journal

ipsec AH network area, in less than 48 hours

Contributed by jose on from the proto-51 dept.

bofn writes:
"The days are long, but mostly not long enough to read all the docs and RFCs on a subject. Sometimes a sysadmin just likes to add some functionality without days of research...

I've done some reading on IP6 and IPSec, played with some example configs, and so far have a nice ip4->ip6 gateway with HTTP4 <-> 6proxy etc... The next step for this site should be AH-enabled traffic. Just src and dst verification, no payload crypto, since we only wanna make sure no one puts a naughty laptop in the LAN and starts talking.

And at this point I run out of time because all FAQs and sample configs talk about the full VPN setup.

Now I have the isakmpd shouting at me:

"Unknown packet type 5 in handle_packet()"
and the photurisd has tears in its eyes, making no sense telling me:
"open(): Device not configured"
and other random moans of pain from the poor boxes.

[ a day in the life of daddy sysadmin ]"

Before you jump to say "RTFM! STFA!", the docs on configuring just AH are weak. Anyone have any docs they know about for configuring just AH?



Comments
  1. By skull () on

    how about the docs on host-to-host ipsec?

  2. By Anonymous Coward () on

    It's in the official OpenBSD FAQ. You can set up host-to-host IPSEC in mere minutes.

    http://www.openbsd.org/faq/faq13.html

  3. By Anonymous Coward () on

    I admin a Cisco 3030 VPN, and have not yet been able to successfully establish a host to that box. Just too many options and places to go astray. I have no need for a network to network VPN using OpenBSD, has anyone succeeded and got any hints?

    I have READ the Manual, the FAQ, the sample configs and the archives. I have configured a dhcp server using OpenBSD for 30 networks and 3000 users, so man pages are not foreign to me. IPSEC is just a step higher.

  4. By Anonymous Coward () on

    > Now i have the isakmpd shouting at me:
    >
    > "Unknown packet type 5 in handle_packet()"

    That's actually a photurisd(8) error message, not an isakmpd(8) one...
