As naddy@ answered this already for "ipsec outgoing address translation question" on this list, 'ipsecctl -nv' is the right way to go.
//mxb On 26 sep 2013, at 18:04, Daniel Polak <dan...@sys.nl> wrote: > On a computer running OpenBSD 5.3 system I am migrating from an isakmpd.conf > based configuration to an ipsec.conf based configuration. > > The tunnel comes up and works correctly when using isakmpd.conf but I can't > get the tunnel to come up when I use ipsec.conf. > As far as I can see ipsec.conf contains the same settings as the settings > that are in isakmpd.conf. > > The error message when using ipsec.conf is: attribute_unacceptable: > ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC. > This means the proposal from the peer does not match the configuration added > by ipsecctl and isakmpd is trying to use its default settings. > > I've double-checked the settings ipsec.conf and especially the IP addresses. > I have also looked at the packets and the isakmpd debug output but all I can > see is the peer offering a proposal that matches what is in ipsec.conf. > > I'd like to see how isakmpd interprets the settings in ipsec.conf and > isakmpd.conf and would like to compare those interpretations. > > ipsecctl -nvf /etc/ipsec.conf shows the settings from ipsec.conf as they > would be used by isakmpd but don't see how to do the same with isakmpd.conf. > > How can I get the settings from isakmpd.conf and ipsec.conf in the same > format so I can compare them? > > > Daniel
