On 2012-04-01, Girish Venkatachalam <girishvenkatacha...@gmail.com> wrote:
> If it matters in any manner at all, my ipsec.conf is
>
> #ike passive esp from $localnet to $remotenet peer $remoteip \
> main auth hmac-sha1 enc 3des group modp1536 \
> quick auth hmac-sha1 enc 3des group none psk <removed>

# on the first line? that makes this all commented-out. (the \ continues
the comment onto the next line; this may not be what you might expect if
you're used to shell scripts etc but it's consistent amongst the various
config parsers in OpenBSD).

> Do you want isakmpd.conf too? I got one from some site.
>
> Here is the phase 1 auth reject message I get.
>
> 201238.986501 Default attribute_unacceptable: AUTHENTICATION_METHOD:
> got PRE_SHARED, expected RSA_SIG
> 201238.986523 Default attribute_unacceptable: AUTHENTICATION_METHOD:
> got PRE_SHARED, expected RSA_SIG
> 201238.986547 Default attribute_unacceptable: AUTHENTICATION_METHOD:
> got PRE_SHARED, expected RSA_SIG

IIRC if you don't specify anything else, it will default to RSA_SIG, so
this matches what I'd expect if the line was commented-out.
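
Added example, not part of the original message and not OpenBSD's parser: a small Python check that applies the rule described in the reply (a trailing \ continues a # comment onto the next line) and reports which lines of a config are silently swallowed. It also covers a trailing comment ending in \, which follows from the same rule. The sample config is constructed and the function names are hypothetical.

```python
# Simplified model of the rule described above: a "#" comment runs to the end
# of the logical line, and a trailing "\" joins the next physical line to it.
# Only double quotes are considered when deciding whether "#" starts a comment.

SAMPLE = """\
#ike passive esp from $localnet to $remotenet peer $remoteip \\
    main auth hmac-sha1 enc 3des group modp1536 \\
    quick auth hmac-sha1 enc 3des group none psk CONSTRUCTED
ike esp from $localnet to $othernet peer $otherip \\
    psk CONSTRUCTED   # trailing comment \\
    quick auth hmac-sha1
"""  # constructed sample, not a real configuration


def _comment_starts(line):
    """True if the line contains a '#' outside double quotes."""
    in_quote = False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return True
    return False


def swallowed_lines(text):
    """Return [(comment_line, [swallowed line numbers])] for every comment
    whose trailing backslash pulls following lines into the comment."""
    findings = []
    in_comment = False   # the current logical line is inside a comment
    continued = False    # the previous physical line ended with "\"
    for no, line in enumerate(text.splitlines(), 1):
        if not continued:
            in_comment = False              # a new logical line starts here
        if in_comment:
            findings[-1][1].append(no)      # whole line is comment text
        elif _comment_starts(line):
            in_comment = True
            findings.append((no, []))
        continued = line.endswith("\\")
    return [f for f in findings if f[1]]


if __name__ == "__main__":
    for start, lost in swallowed_lines(SAMPLE):
        print(f"comment on line {start} also swallows lines {lost}")
```
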