On 2013-03-01, Loïc Blot <loic.b...@unix-experience.fr> wrote: > Hello Misc ! > I have a strange problem, and google doesn't help me. > I want to make an IPSec+GRE tunnel with OSPF. For now, OSPF over GRE is > perfectly working (ipv4+ipv6). > I have a problem with IPSec, and I don't find how to resolve it. > > It's a fresh OpenBSD 5.2 image. > > The error is the following: > attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected > 3DES_CBC > > My ipsec.conf is very simple for now: > > on host A > > ike esp transport from 10.0.0.1 to 10.0.0.2 > > and on host B > > ike esp transport from 10.0.0.2 to 10.0.0.1 > > Any idea ?
The default settings in isakmpd are for 3DES_CBC so this indicates that the packets did not match the configuration added by ipsecctl and instead matched the default in isakmpd. Are the packets coming from the expected IP addresses? Check with tcpdump if in doubt.
