From: jack xiao (jack_xiao99hotmail.com)
Date: Mon Jun 03 2002 - 15:50:25 CDT


    Hi,

    I have some questions about isakmpd.policy. I've set up an end-to-end IPSec
    tunnel between two FreeBSD machines. Actually it's a road warrior mode
    tunnel. Because I have no IPSec client software at hand, I use a FreeBSD
    machine instead.

    Here is what the isakmpd.policy looks like:

    Authorizer: "POLICY"
    Licensees: "passphrase:qqqqqqqq"
    Conditions: app_domain == "IPsec policy" &&
             (( ah_present == "yes" &&
                ah_hash_alg != "null" ) ||
              ( esp_present == "yes" &&
                esp_enc_alg != "null" &&
                esp_auth_alg != "null" )) &&
                remote_filter == "172.16.1.220-172.16.1.222" &&
                local_filter == "172.16.1.196-172.16.1.196" &&
                remote_filter_proto == "tcp" &&
                local_filter_proto == "tcp" -> "true";

    When I change the definition of remote_filter or local_filter, it doesn't
    have any influence on the IPSec tunnel. I also defined the remote negotiate
    IP address and remote ID in isakmpd.conf. I guess when isakmpd is running, it
    takes all the configuration from isakmpd.conf, so whatever I change in
    isakmpd.policy, it does not work. Is that right?

    Thanks a lot!

    Jack