SunScreen Lite / SKIP

From: Urie, Todd (TUrie@trueposition.com)
Date: Thu Nov 07 2002 - 15:41:18 EST


I have been trying to get a simple VPN configured using SunScreen Lite. I
have been using what I thought was a simple configuration to get this done.
The rules on "Valkyrie" are below (similar rules exist on "Test" with
appropriate modifications):

1 "icmp all" "addrValkyrie" "addrTest" SKIP_VERSION_2 "certValkyrie" "certTest" "none" "none" "none" "NONE" SOURCE_TUNNEL "addrValkyrie" DESTINATION_TUNNEL "addrTest" ALLOW COMMENT "Outbound"
2 "icmp all" "addrTest" "addrValkyrie" SKIP_VERSION_2 "certTest" "certValkyrie" "none" "none" "none" "NONE" SOURCE_TUNNEL "addrTest" DESTINATION_TUNNEL "addrValkyrie" ALLOW COMMENT "Inbound"
3 "common" "*" "*" ALLOW

The idea is just to get ping packets to be tunneled between "Valkyrie" and
"Test". If I issue 'ping Test' from Valkyrie and snoop the appropriate
interface on "Test", I can see the encapsulated echo-request from "Valkyrie"
but "Test" never responds.

ifconfig hme0 modlist shows that the 'efs' module is loaded but not the SKIP
module, as is expected based upon the error message described below. I
reviewed the SKIP log files and see entries indicating that keys were
exchanged and all appeared to work successfully.

While trying to figure out what is going on I started to look at the SKIP
configuration. I noticed that whenever SKIP attempts to load during boot, I
get an error message indicating that SKIP could not bring the interface down
because it is in an 'unsecure mode'.

I have searched 'google', read the man pages, and searched 'sunmanagers'
archives. I did find some matches, but nothing that helped me solve my
problem.

Can anyone point me in the right direction?

Any help would be greatly appreciated.

Thanks,
Todd Urie
Unix Admin
TruePosition, Inc