OSEC

 
From: Hakan Olsson (hocrt.se)
Date: Mon Jun 03 2002 - 16:23:02 CDT


    The FreeBSD port does not default to use feature 'policy' (a.k.a. KeyNote).
    Enable in sysdep/freebsd/Makefile and recompile (assuming you have
    libkeynote installed).

    isakmpd.policy is re-read when isakmpd.conf is re-read, i.e. at SIGHUP.

    /H

    On Mon, 3 Jun 2002, jack xiao wrote:

    > Hi,
    >
    > I got some questions about isakmpd.policy. I've set up an end-to-end IPSec
    > tunnel between two FreeBSD machines. Actually it's a road warrior mode
    > tunnel, because I have no IPSec client software at hand, I use a FreeBSD
    > machine instead.
    >
    > Here is what the isakmpd.policy looks like:
    >
    > Authorizer: "POLICY"
    > Licensees: "passphrase:qqqqqqqq"
    > Conditions: app_domain == "IPsec policy" &&
    >             (( ah_present == "yes" &&
    >                ah_hash_alg != "null" ) ||
    >              ( esp_present == "yes" &&
    >                esp_enc_alg != "null" &&
    >                esp_auth_alg != "null" )) &&
    >             remote_filter == "172.16.1.220-172.16.1.222" &&
    >             local_filter == "172.16.1.196-172.16.1.196" &&
    >             remote_filter_proto == "tcp" &&
    >             local_filter_proto == "tcp" -> "true";
    >
    > When I change the definition of remote_filter or local_filter, it doesn't
    > have any influence on the IPSec tunnel. I also defined the remote negotiate
    > ip address, remote id in isakmpd.conf. I guess when isakmpd is running, it
    > takes all the configuration in isakmpd.conf, so whatever I change in
    > isakmpd.policy, it has no effect. Is it right?
    >
    > Thanks a lot!
    >
    > Jack
    >
    >

    --
    Håkan Olsson <hocrt.se>        (+46) 708 437 337     Carlstedt Research
    Unix, Networking, Security      (+46) 31 701 4264        & Technology AB
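The two points in the reply above (the daemon only consults isakmpd.policy when built with the 'policy' feature, and the policy file is only re-read on SIGHUP) are the usual reasons edits to isakmpd.policy appear to do nothing. The script below is an added example, not code from the thread or from the isakmpd project: it reloads a running isakmpd safely and applies a heuristic check for KeyNote support in the binary. It assumes the daemon writes its pid to /var/run/isakmpd.pid and is installed as /usr/local/sbin/isakmpd (both overridable); the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original thread or from isakmpd itself).
# Re-read isakmpd.conf and isakmpd.policy by sending SIGHUP to a running
# isakmpd, validating the pidfile first, and check whether the binary looks
# like it was built with KeyNote (feature 'policy') support at all.
# ASSUMPTIONS: pidfile /var/run/isakmpd.pid and binary /usr/local/sbin/isakmpd
# are defaults for this example only; pass other paths as $1 and $2.

# read_pid PIDFILE: print the pid if PIDFILE holds a plain integer > 1,
# otherwise print nothing and fail. Validating here matters: an empty or
# corrupted pidfile fed to "kill -HUP" could signal the wrong process, and a
# pidfile containing "-1" would HUP every process you are allowed to signal.
read_pid() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# hup_isakmpd PIDFILE: send SIGHUP to the validated pid. Returns 1 for an
# unusable pidfile and 2 for a stale one (the process is gone).
hup_isakmpd() {
    pid=$(read_pid "$1") || return 1
    kill -0 "$pid" 2>/dev/null || return 2
    kill -HUP "$pid"
}

# has_keynote BINARY: heuristic only. A dynamically linked libkeynote shows
# up in ldd output; a statically linked, unstripped build still carries the
# KeyNote API symbol names (kn_init, kn_add_assertion, ...). A stripped
# static build can defeat this check, so treat "no" as "probably not".
has_keynote() {
    bin=$1
    [ -x "$bin" ] || return 1
    ldd "$bin" 2>/dev/null | grep -qi keynote && return 0
    strings "$bin" 2>/dev/null | grep -q '^kn_'
}

# Stand-alone use:  ISAKMPD_RELOAD=1 sh reload-isakmpd.sh [pidfile] [binary]
# (guarded by an environment variable so the functions can be sourced alone)
if [ -n "${ISAKMPD_RELOAD:-}" ]; then
    pidfile=${1:-/var/run/isakmpd.pid}            # assumed default path
    bin=${2:-/usr/local/sbin/isakmpd}             # assumed default path
    has_keynote "$bin" ||
        echo "warning: no KeyNote support detected in $bin; isakmpd.policy is probably ignored" >&2
    if hup_isakmpd "$pidfile"; then
        echo "sent SIGHUP to isakmpd (pid $pid); isakmpd.conf and isakmpd.policy are re-read"
    else
        echo "could not signal isakmpd via $pidfile (missing, invalid or stale pidfile)" >&2
        exit 1
    fi
fi
```

Note that the reload only makes the daemon parse the policy file again; if the port was built without the 'policy' feature, the filter conditions in isakmpd.policy are never evaluated, which is exactly the symptom described in the question.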