From: Terry (terry432hotmail.com)
Date: Thu Oct 04 2001 - 08:23:34 CDT


    using the isakmpd port to freebsd 4.4.

    the policy file (/etc/isakmpd.policy) seems to be ignored:
            KeyNote-Version: 2
            Comment: This policy accepts ESP SAs from a remote that uses the right password
            Authorizer: "POLICY"
            Licensees: "passphrase:secret3"
            Conditions: app_domain == "IPsec policy" &&
                        esp_present == "yes" -> "true";

    the isakmpd.conf file contains :
            Policy-File= /etc/isakmpd.policy

    and isakmpd is run with a "-c /etc/isakmpd.conf". The isakmpd.conf has a
    chmod of 0600.

    Now, changing the secret passphrase has no effect at all on negotiations.
    restarting all isakmpds fails to recognise the false passphrase.

    is this a known issue?

    -- also why does the daemon repeatedly give:
            131338.287868 Default pf_key_v2_flow: SPDADD: File exists
            isakmpd in free(): warning: junk pointer, too high to make sense.

    and the isakmpd CPU usage remains at 98-99% ?

    terry
