IPSec VPN with isakmpd between OpenBSD 3.7 and 3.9 - BSD


  1. IPSec VPN with isakmpd between OpenBSD 3.7 and 3.9

    Hello,

    I am trying to set up a simple basic VPN between two remote firewalls as
    in the example of the vpn manpage. One firewall is OpenBSD 3.7 and the
    other 3.9. Unfortunately it is impossible to bring the VPN up; on OpenBSD 3.7
    I always see this error message:

    Apr 18 16:12:51 myosin isakmpd[32458]: message_parse_payloads: invalid next payload type RESERVED_MIN in payload of type 10
    Apr 18 16:12:51 myosin isakmpd[32458]: dropped message from xxx.xxx.xxx.xxx port 500 due to notification type INVALID_PAYLOAD_TYPE
    Apr 18 16:12:51 myosin isakmpd[32458]: sendmsg (8, 0xcfbefca0, 0): No buffer space available

    And on OpenBSD 3.9, just this error:

    Apr 18 15:51:57 fw isakmpd[32324]: transport_send_messages: giving up on exchange peer-myosin, no response from peer xxx.xxx.xxx.xxx:500

    My PF rules should be fine as I took the example from vpn manpage. So
    could it be that there is an incompatibility problem between 3.7 and 3.9?
    Or does anyone have any idea what could be wrong here?

    Many thanks
    Regards


  2. Re: IPSec VPN with isakmpd between OpenBSD 3.7 and 3.9

    On Tue, 18 Apr 2006 16:14:44 +0200, syn_NOSPAM_uw wrote:
    > Hello,
    >
    > I am trying to set up a simple basic VPN between two remote firewalls as
    > in the example of the vpn manpage. One firewall is OpenBSD 3.7 and the
    > other 3.9. Unfortunately it is impossible to bring the VPN up; on OpenBSD 3.7
    > I always see this error message:
    > ...
    > My PF rules should be fine as I took the example from vpn manpage. So
    > could it be that there is an incompatibility problem between 3.7 and 3.9?
    > Or does anyone have any idea what could be wrong here?


    Did you apply patch 006_nat-t.patch on the 3.7 box? I had a VPN between
    two 3.7 boxes but when I upgraded one to 3.8 the VPN stopped working.

  3. Re: IPSec VPN with isakmpd between OpenBSD 3.7 and 3.9

    Shane Almeida wrote:

    > Did you apply patch 006_nat-t.patch on the 3.7 box? I had a VPN between
    > two 3.7 boxes but when I upgraded one to 3.8 the VPN stopped working.


    I have upgraded the 3.7 firewall to 3.9 and then it worked. I guess this
    is a bug.


  4. Re: IPSec VPN with isakmpd between OpenBSD 3.7 and 3.9

    On Sat, 22 Apr 2006 15:25:26 +0200, syn_NOSPAM_uw wrote:
    > Shane Almeida wrote:
    >
    >> Did you apply patch 006_nat-t.patch on the 3.7 box? I had a VPN between
    >> two 3.7 boxes but when I upgraded one to 3.8 the VPN stopped working.
    >
    > I have upgraded the 3.7 firewall to 3.9 and then it worked. I guess this
    > is a bug.


    The bug was related to NAT-Traversal. 3.7 incorrectly advertised support
    for it. When 3.8 or 3.9 tried to talk to 3.7, the incompatibility caused
    problems. You also could have used the -T flag on 3.8 or 3.9 to talk to
    an unpatched 3.7 machine.
