From cc3d68ec3a3bf936bfb721baeaa04a3e936e4695 Mon Sep 17 00:00:00 2001 From: Niklas Hallqvist Date: Mon, 5 Apr 1999 21:03:27 +0000 Subject: Merge with EOM 1.19 up-to-date --- sbin/isakmpd/README | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) (limited to 'sbin/isakmpd/README') diff --git a/sbin/isakmpd/README b/sbin/isakmpd/README index e66ee613205..94f556dca4b 100644 --- a/sbin/isakmpd/README +++ b/sbin/isakmpd/README @@ -1,23 +1,22 @@ -$OpenBSD: README,v 1.8 1999/03/24 14:58:45 niklas Exp $ -$EOM: README,v 1.18 1999/03/08 00:39:25 niklas Exp $ +$OpenBSD: README,v 1.9 1999/04/05 21:03:26 niklas Exp $ +$EOM: README,v 1.19 1999/04/02 01:08:56 niklas Exp $ This is isakmpd, a BSD-licensed ISAKMP/Oakley (a.k.a. IKE) implementation. It's written by Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems AB. Currently it is work in -progress, although it can be used for real setups if some features are -not used. For example it does not renegotiate SAs when an application -says they have expired. It is not released, thus I won't bother -calling it any version numbers. When you got the source, hopefully -the archive was named with a date which reflects when it was created. -These archives are also known as snapshots and will be created at -irregular intervals and put up on ftp.gsnig.net and ftp.appli.se in -/pub/isakmpd. From Nov 14, 1998 isakmpd is also available in the -OpenBSD main source tree under src/sbin/isakmpd, though slightly -modified for patent reasons. Look at http://www.openbsd.org/ for -details on how to get OpenBSD source. +progress, although it can be used for real setups. It is not released, +thus I won't bother calling it any version numbers. When you got the +source, hopefully the archive was named with a date which reflects when +it was created. These archives are also known as snapshots and will be +created at irregular intervals and put up on ftp.gsnig.net and +ftp.appli.se in /pub/isakmpd. From Nov 14, 1998 isakmpd is also +available in the OpenBSD main source tree under src/sbin/isakmpd, +though slightly modified for patent reasons, and because I don't want to +carry support files for other OSes in that distribution. Look at +http://www.openbsd.org/ for details on how to get OpenBSD source. Isakmpd is being developed under OpenBSD, with OpenBSD as its primary -target, however, a Linux effort has be started. The makefile support +target, however, a Linux effort has been started. The makefile support assumes a BSD environment noneheless as it is not too hard to get such an environment to work under other operating systems. For example, Red Hat 5.2 ships with pmake installed. Read sysdep/README for further @@ -33,13 +32,13 @@ make obj && make depend && make Then obj/isakmpd will be the daemon. I suggest you try it by running under gdb with args similar to: -d -n -p5000 -D0=99 -D1=99 -D2=99 -D3=99 -D4=99 -D5=99 \ - -f/tmp/isakmpd.fifo -cisakmpd.conf.sample + -f/tmp/isakmpd.fifo -csamples/VPN-east.conf That will run isakmpd in the foreground, not connected to any application (like an IPSEC implementation) logging to stderr with full debugging ouput, listening on UDP port 5000, accepting control commands via the named pipe called /tmp/isakmpd.fifo and reading its configuration from the -isakmpd.conf.sample file (found in the isakmpd directory). +VPN-east.conf file (found in the isakmpd/samples directory). If you are root you can try to run without -n -p5000 thus getting it to talk to your IPSec stack and use the standard port 500 instead. @@ -53,12 +52,12 @@ and another fifo (let's say /tmp/other.fifo). Then edit the config file to have some peer descriptions that fit your need and issue a command like this: -$ echo "c IPsec-peer-1" >/tmp/other.fifo +$ echo "c IPsec-east-west" >/tmp/other.fifo and watch. You can turn on debugging on that isakmpd too of course, for greater fun. -You will by now have noticed that this implementation is incomplete, but +You may by now have noticed that this implementation is incomplete, but who cares? You are here because you want to read code, start porting work or help us out fixing what need's to be fixed. -- cgit v1.2.3