Hi list,
I have a problem setting up an IPsec tunnel between my OpenBSD box and a
Check Point firewall.
Our Gateway IP: 123.123.123.123
Our Network behind the Gate: 192.168.100.0/24
Remote Gateway IP address: 42.173.16.1
Remote VPN Domain: 42.173.128.0/20
IKE Phase 1: 3DES/MD5 - Group 2 (1024bit) - Renegotiate IKE SA every
1440 minutes - No aggressive mode
Shared secret authentication
IKE Phase 2: AES-128/MD5 - No PFS - Renegotiate Ipsec SA every 3600
minutes
I start isakmpd -K, and then add the IPsec configuration via
ipsecctl -f /etc/ipsec.conf

    ike active esp from 192.168.100.0/24 to 42.173.128.0/20 \
        local 123.123.123.123 peer 42.173.16.1 \
        main auth hmac-md5 enc 3des group grp2 \
        quick auth hmac-md5 enc aes group none \
        psk mySecret

I had no problem getting a tunnel working between two OpenBSD 4.0 hosts with
the above configuration file, so I think my problem can only be the timings
of the renegotiations. What are the default renegotiation timings, and where
should I configure these?
Kind regards
Sebastian