Subject: Using isakmpd between NetBSD and others...
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 08/12/2001 12:57:11
Is there anyone out there that is having a good time using isakmpd talking
to other boxes running it, including OpenBSD as well as Windows 2000 ?
Oh, I'm using transport mode, not tunnel...
I'm using NetBSD 1.5 with isakmpd from pkgsrc - will newer versions than
the one in pkgsrc work better with 1.5 ?
To summarize the problems I see:
* I cannot initiate an IPsec session between NetBSD 1.5 and either Windows
2000(sp2) or OpenBSD 2.9 from the NetBSD box. If I try, nothing happens
and to set one up from the other end I need to flush the spd table and
* If one end gets "rebooted" (ie. Windows 2000 box) while it is able to
talk to NetBSD using IPsec, then IPsec stops working and you need to
restart it on NetBSD as well. Or more accurately, you need to have
the two ends do a synchronised restart of IPsec. The same seems to
also apply to isakmpd between NetBSD 1.5 and OpenBSD 2.9
* Negoitiation of which crypto/hashing to use fails between NetBSD 1.5 and
Windows 2000. I haven't dare try it between NetBSD 1.5 and OpenBSD 2.9.
Does anyone have any success stories on how to resolve some of the above
problems or tips on configuring isakmpd.conf ? I'm particularly interested
in success stories about people configuring NetBSD firewalls/isakmpd servers
for "road warriors" with Windows on a laptop, using IPsec to tunnel across
the Internet. So far the best I can say is "not ready yet" :-(