Still getting the same errors as below:

131529.495890 Plcy 40 check_policy: adding authorizer [passphrase:password]
131529.495915 Plcy 40 check_policy: adding authorizer [passphrase-md5-hex:5f4dcc3b5aa765d61d8327deb882cf99]
131529.495927 Plcy 40 check_policy: adding authorizer [passphrase-sha1-hex:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8]
131529.495939 Plcy 40 check_policy: kn_do_query returned 0
131529.495953 Default check_policy: negotiated SA failed policy check


For some reason it's failing in the passphrase. I've edited the policy file
and conf file to remove any/all unusual codings, and even removed the
Policies section (also removed spaces at the end of lines, etc.) and ended up
with files as follows:

/etc/isakmpd/isakmpd.policy:
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:password"
Conditions: esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";


/etc/isakmpd/isakmpd.conf
[General]
Retransmits             = 5
Exchange-max-time       = 120
Listen-on               = External_ip_for_OBSD
Shared-SADB             = Defined
Renegotiate-on-HUP      = Defined

[Phase 1]
Default                 = ISAKMP-clients

[Phase 2]
Passive-Connections     = IPsec-clients

[ISAKMP-clients]
Phase                   = 1
Transport               = udp
Configuration           = win-main-mode
Authentication          = password

[IPsec-clients]
Phase                   = 2
Configuration           = win-quick-mode
Local-ID                = default-route
Remote-ID               = dummy-remote

[default-route]
ID-type                 = IPV4_ADDR_SUBNET
Network                 = 0.0.0.0
Netmask                 = 0.0.0.0

[dummy-remote]
ID-type                 = IPV4_ADDR
Address                 = 0.0.0.0

[win-main-mode]
DOI                     = IPSEC
EXCHANGE_TYPE           = ID_PROT
Transforms              = 3DES-SHA-GRP2

[win-quick-mode]
DOI                     = IPSEC
EXCHANGE_TYPE           = QUICK_MODE
Suites                  = QM-ESP-3DES-SHA-SUITE



(again tried to clear any possible control characters)

On the Windows side start_vpn.bat (hard coded spaces to show different
lines):

@echo off

REM remove any previously loaded dynamic IPsec policies
c:\ipsec\ipseccmd.exe -u

echo cleared

REM this host -> 192.168.1.0/24, ESP 3DES/SHA, tunnel endpoint is the OpenBSD box
c:\ipsec\ipseccmd.exe -f 0=192.168.1.0/255.255.255.0 -n ESP[3DES,SHA] -t public_ip_oBSD -a PRESHARE:"password" -1s 3DES-SHA-2

echo part 1 finished

REM 192.168.1.0/24 -> this host, same transform, tunnel endpoint is the XP box
c:\ipsec\ipseccmd.exe -f 192.168.1.0/255.255.255.0=0 -n ESP[3DES,SHA] -t public_ip_xp -a PRESHARE:"password" -1s 3DES-SHA-2

echo finished


------------------------

Have to admit, now it's a matter of wanting to know wtf is going on, and
less a matter of wanting to move away from SSH tunneling.


If anyone needs more info I can run isakmpd -v -d -D A=99 2> vpn_debug.txt
(then email the gzipped file), but it looks like the above errors are the
problem, which implies it's a password problem, but the preshare is
*EXACTLY* as you see it above (I'll change the password once it works one
time). The only things changed are the IPs, to protect the not so innocent.


Off to bang my head against a wall for a bit.


Ben
(and no, there are no firewalls currently installed on the test XP box; I
want to get it to work there before running into the old "does this work
with this software firewall" problem on my personal laptop)
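An added check, not part of Ben's post or of isakmpd itself: the debug lines above show that isakmpd hands KeyNote three principals derived from the pre-shared key (the raw passphrase, its MD5 hex digest and its SHA-1 hex digest). The script below recomputes those three forms for a given passphrase, pulls the authorizers out of the quoted log lines, and compares them with the Licensees field of the policy, so you can tell whether check_policy failed because the peer's key differs from the policy's or because the Conditions (or the policy file as a whole) rejected an otherwise-correct key. The sample log and policy are constructed from the text of the post; the function names and result strings are my own.

```python
import hashlib
import re
from typing import Dict, Optional, Tuple

# Constructed sample: the "Plcy 40" lines quoted in the post, re-joined onto
# single lines (the mailer had wrapped the two hash lines).
SAMPLE_LOG = """\
131529.495890 Plcy 40 check_policy: adding authorizer [passphrase:password]
131529.495915 Plcy 40 check_policy: adding authorizer [passphrase-md5-hex:5f4dcc3b5aa765d61d8327deb882cf99]
131529.495927 Plcy 40 check_policy: adding authorizer [passphrase-sha1-hex:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8]
131529.495939 Plcy 40 check_policy: kn_do_query returned 0
131529.495953 Default check_policy: negotiated SA failed policy check
"""

# Constructed sample policy with the same Licensees line as the post, written
# with the KeyNote "Conditions:" keyword that a KeyNote assertion needs.
SAMPLE_POLICY = """\
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:password"
Conditions: esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";
"""

AUTHORIZER_RE = re.compile(r"adding authorizer \[([a-z0-9-]+):([^\]]*)\]")
LICENSEES_RE = re.compile(r'^\s*Licensees:\s*"([^"]*)"', re.MULTILINE)
HEX_TAGS = ("passphrase-md5-hex", "passphrase-sha1-hex")


def expected_authorizers(passphrase: str) -> Dict[str, str]:
    """The three principals isakmpd derives from a pre-shared key, as seen in
    the debug output: the raw passphrase plus its MD5 and SHA-1 hex digests."""
    raw = passphrase.encode("utf-8")
    return {
        "passphrase": passphrase,
        "passphrase-md5-hex": hashlib.md5(raw).hexdigest(),
        "passphrase-sha1-hex": hashlib.sha1(raw).hexdigest(),
    }


def parse_authorizers(log_text: str) -> Dict[str, str]:
    """Collect the authorizer principals from isakmpd debug output, keyed by tag."""
    found: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = AUTHORIZER_RE.search(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def licensee_principal(policy_text: str) -> Optional[Tuple[str, str]]:
    """Return (tag, value) from the policy's Licensees field, e.g.
    ("passphrase", "password"); hex digests are lower-cased for comparison."""
    m = LICENSEES_RE.search(policy_text)
    if not m or ":" not in m.group(1):
        return None
    tag, value = m.group(1).split(":", 1)
    if tag in HEX_TAGS:
        value = value.lower()
    return tag, value


def diagnose(log_text: str, policy_text: str) -> str:
    """Narrow down why check_policy failed:
    'no-authorizers'    - isakmpd never presented a passphrase principal
    'no-licensee'       - the policy has no usable Licensees field
    'licensee-mismatch' - the peer's pre-shared key differs from the policy's
    'licensee-matches'  - the key is right; look at the Conditions, or at
                          whether the policy file was parsed at all."""
    authorizers = parse_authorizers(log_text)
    if not authorizers:
        return "no-authorizers"
    licensee = licensee_principal(policy_text)
    if licensee is None:
        return "no-licensee"
    tag, value = licensee
    if authorizers.get(tag) == value:
        return "licensee-matches"
    return "licensee-mismatch"


if __name__ == "__main__":
    print("authorizers in log      :", parse_authorizers(SAMPLE_LOG))
    print("expected for 'password' :", expected_authorizers("password"))
    print("diagnosis               :", diagnose(SAMPLE_LOG, SAMPLE_POLICY))
```

Run it as-is and the quoted log yields "licensee-matches": the two digests in the log are exactly MD5 and SHA-1 of the string "password", so the pre-shared key the Windows side sent is the one the policy names. That moves the search to the policy itself, since KeyNote returns 0 (the SA is refused) both when the Conditions evaluate false and when the assertion never loaded; to feed the script real data, paste the "adding authorizer" lines from your own debug capture into SAMPLE_LOG and your own isakmpd.policy into SAMPLE_POLICY.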
