Just go to 5.6 or even better to current that is almost 5.7 now and use ikev2 instead.
Much simpler to use. At a minimum just give it a trial for fun if you like. You may fall in love with it. (:>

4.8 is so old that I am not sure anyone will care to answer it, or even remember if they had an issue with it or not.

On 1/16/15 6:24 PM, Motty Cruz wrote:
> Hello All,
> is actually OpenBSD 4.8 not OpenBSD 5.5, I apologize for the mistake.
>
> I still get the exchange_run: doi->initiator error, not even sure what
> to look for.
>
> Thanks,
> Motty
>
> On 01/16/2015 01:16 PM, mxb wrote:
>> Hey,
>> You probably want to start with ipsec.conf(5).
>> isakmpd.conf is generated out of ipsec.conf.
>> I think people running 5.4+ don’t even use it any more.
>>
>> Br
>>
>> //mxb
>>
>>> On 16 jan 2015, at 21:22, Motty Cruz <motty.c...@gmail.com> wrote:
>>>
>>> Hello All,
>>>
>>> I'm trying to setup IPSec Tunnel using the following parameters.
>>> Phase 1
>>> exchange encryption: AES256
>>> Data Integrity: SHA256
>>> DH: group 20
>>> Aggressive Mode
>>>
>>> phase 2
>>> encryption: AESGCM256
>>> HASH: SHA384
>>>
>>> I can't find examples to configure isakmpd.conf using parameters above.
>>>
>>> [fw2-main-mode]
>>> DOI= IPSEC
>>> EXCHANGE_TYPE= ID_PROT
>>> Transforms= AES256-SHA2-GRP20
>>>
>>> [fw2-quick-mode]
>>> DOI= IPSEC
>>> EXCHANGE_TYPE= QUICK_MODE
>>> Suites= QM-ESP-AESGCM-SHA2-SUITE
>>>
>>> [QM-ESP-AESGCM-256-SHA2-SUITE]
>>> TRANSFORM_ID= AESGCM
>>> ENCAPSULATION_MODE= TUNNEL
>>> AUTHENTICATION_ALGORITHM= HMAC_SHA2
>>> GROUP_DESCRIPTION= EC_384
>>> Life= LIFE_3600_SECS
>>>
>>> using this configuration I get the following error:
>>> isakmpd[30247]: exchange_run: doi->initiato
>>>
>>> Thanks in advance,
>>> -Motty