diff options
Diffstat (limited to 'keyexchange/isakmpd-20041012/README')
| -rw-r--r-- | keyexchange/isakmpd-20041012/README | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/keyexchange/isakmpd-20041012/README b/keyexchange/isakmpd-20041012/README deleted file mode 100644 index 13df6a1..0000000 --- a/keyexchange/isakmpd-20041012/README +++ /dev/null @@ -1,68 +0,0 @@ -$OpenBSD: README,v 1.19 2003/02/22 06:57:07 kjell Exp $ -$EOM: README,v 1.28 1999/10/10 22:53:24 angelos Exp $ - -This is isakmpd, a BSD-licensed ISAKMP/Oakley (a.k.a. IKE) -implementation. It's written by Niklas Hallqvist and Niels Provos, -funded by Ericsson Radio Systems AB. Isakmpd's home is in the -OpenBSD main source tree under src/sbin/isakmpd. Look at -http://www.openbsd.org/ for details on how to get OpenBSD source. - -Isakmpd is being developed under OpenBSD, with OpenBSD as its primary -target, however, it is ported to Linux with FreeS/WAN IPsec. The -makefile support assumes a BSD environment nonetheless as it is not too -hard to get such an environment to work under other operating systems. -For example, Red Hat 5.2 shipped with pmake installed. Read sysdep/README -for further details about this issue. Other systems isakmpd has been -ported to, but no code has been made available for, includes Solaris -and Win32s. I mention this just because it shows that the code is -fairly portable. - -First edit the Makefile in a manner you see fit. Specifically the OS -define is important to get right of course. -Assuming you have an OpenBSD /usr/share/mk and use the OpenBSD (or -similar) make(1), you build isakmpd this way: - -make obj && make depend && make - -Then obj/isakmpd will be the daemon. I suggest you try it by running -under gdb with args similar to: - -d -n -p5000 -DA=99 -f/tmp/isakmpd.fifo -csamples/VPN-east.conf - -That will run isakmpd in the foreground, not connected to any application -(like an IPsec implementation) logging to stderr with full debugging output, -listening on UDP port 5000, accepting control commands via the named pipe -called /tmp/isakmpd.fifo and reading its configuration from the -VPN-east.conf file (found in the isakmpd/samples directory). - -If you are root you can try to run without -n -p5000 thus getting it to -talk to your IPsec stack and use the standard port 500 instead. - -The logging classes are Miscellaneous = 0, Transports = 1, Messages = 2, -Crypto = 3, Timers = 4, System Dependencies = 5, Security Associations = 6, -and Exchanges = 7. The debug levels increase in verbosity from 0 (off) to -99 (max). Read log.[ch] and ui.c to see how to alter the debugging levels. - -Now you have setup your daemon and can watch incoming negotiations. -But how do you get such? Either use http://isakmp-test.ssh.fi/, -there's an excellent service, just waiting for you. Or you can try to -start another isakmpd on another port (say -p5001 or so, instead) -and another fifo (let's say /tmp/other.fifo). Then edit the config -file to have some peer descriptions that fit your need and issue a -command like this: - -$ echo "c IPsec-east-west" >/tmp/other.fifo - -and watch. You can turn on debugging on that isakmpd too of course, for -greater fun. This rudimentary user interface is slightly described in -DESIGN-NOTES. If you are going to look at the config file, don't be scared, -the man page isakmpd.conf(5) covers every detail, and the flexibility will -be hidden under a userfriendlier layer in a later release. I did this -first config-file syntax just because it should be easy to parse. The man -page isakmpd.policy(5) describes the policy model used in conjunction with -KeyNote. - -Happy IKEing! - -Niklas Hallqvist <niklas@openbsd.org> -Niels Provos <provos@openbsd.org> -Håkan Olsson <ho@openbsd.org> |