Hello Motty,
Friday, January 16, 2015, 5:24:33 PM, you wrote:
MC> is actually OpenBSD 4.8 not OpenBSD 5.5, I apologize for the mistake.
>>> I'm trying to setup IPSec Tunnel using the following parameters.
>>> Phase 1
>>> exchange encryption: AES256
>>> Data Integrity: SHA256
>>> DH: group 20
>>> Agressive Mode
>>>
>>> phase 2
>>> encryption: AESGCM256
>>> HASH: SHA384
Looking at the manual page for isakmpd.conf, OpenBSD-4.8:
{group} is either GRP1, GRP2, GRP5, GRP14, or GRP15 - seems like group 20
isn't supported (not even in current, according to the man).
Support of AESGCM starts in 5.0 (again according to man).
Not sure if you can use just SHA2 (not SHA2-256 or SHA2-384).
Start with suits examples from the man page (of your system). Only if
they work - try to adjust them (if really needed).
Make sure there are no trailing spaced in your isakmpd.conf. I've had a
lot of "fun" with it in the past. Could be fixed since though.
--
Best regards,
Boris mailto:bo...@twopoint.com
