Thank for your reply. Ihave the following lines in isakmpd.conf [General] Default-phase-1-lifetime= 28800,60:108000 Default-phase-2-lifetime= 3600,60:86400
Are those the values you were talking about, or are there other values that should be set? Thanks. -----Ursprüngliche Nachricht----- Von: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Im Auftrag von mxb Gesendet: Dienstag, 18. September 2012 09:43 An: misc@openbsd.org Betreff: Re: isakmpd lifetime trouble with openBSD 5.2 current Tried to add those values into plain old isakmpd.conf? I run 5.2-current and have those values in isakmpd.conf. Never seen those messages and all works fine. On 09/17/2012 09:30 PM, Christoph Leser wrote: > After updating to 5.2 current, I noticed, that incoming phase-1 > requests get drop due to ( from /var/log/messages ) > > Sep 17 21:20:51 q-dsl isakmpd[951]: attribute_unacceptable: life > attribute received, none in policy Sep 17 21:20:51 q-dsl isakmpd[951]: > attribute_unacceptable: life attribute received, none in policy Sep 17 > 21:20:51 q-dsl isakmpd[951]: message_negotiate_sa: no compatible > proposal found Sep 17 21:20:51 q-dsl isakmpd[951]: dropped message > from a.b.c.d port 500 due to notification type NO_PROPOSAL_CHOSEN > > > I tried to add the new lifetime parameters in ipsec.conf, but this did > not make any difference. > > > Best Regards / Mit freundlichen Grüßen > > Christoph Leser > > S&P Computersysteme GmbH > Systemhaus für Logistik > Zettachring 4 > 70567 Stuttgart > www.sup-logistik.de > Tel.: 0711 72641 0 > Fax: 0711 72641 70 > > Amtsgericht Stuttgart HRB 11921 > Geschäftsführer Jürgen Probst, Horst Reichert
