Debugging an OpenBSD 4.5 ISAKMP VPN problem

Posted on 2009/05/24 by Balazs

There is some very good info here:http://www.allard.nu/openbsd/ specifically, I found the following hints helpful:


'isakmpd -d'
Start isakmpd with 'isakmpd -d'. Isakmpd will output things like wrong file permissions and typos in the configuration file. On connect you might see things like "NO PROPOSAL CHOOSEN" which can either mean that your configuration parameters between the client and the server doesn't match, or that you have typed the wrong pre-shared key.

'isakmpd -L' and 'tcpdump -avs 1440 -r /var/run/isakmpd.pcap'
This one is really nice to check if your configurations between the client and the server match and also to learn howto create isakmpd.conf files for new clients. With 'isakmpd -L' isakmpd will dump, in tcpdump format, everything it sends and recieves to /var/run/isakmpd.pcap. You then check what happened with 'tcpdump -avs 1440 -r /var/run/isakmpd.pcap'. Look here for an example output of isakmpd -L and tcpdump. This output is typically what you want to send to the mailing list when you want help with something if the above doesn't help you.

This entry was posted in OpenBSD and tagged , , . Bookmark the permalink.

NewPush has solutions to fit your business needs.  For more than a decade, our focus has been to take on the technical challenges that are the hardest and most time-consumming.  Our goal is to free up your resources to focus on the core activities of your business and to drive your business performance.  Please visit our main site at newpush.com for more information or call us at +1-303-423-4500.