On 31.12.2015 06:56, Julian Hsiao wrote:
> How do I configure isakmpd such that phase 2 parameters must also
> match on both ends in order to establish security associations?

Just a guess, but do:
echo r > /var/run/isakmpd.fifo
and look into the /var/run/isakmpd.report
My bet is that you had a hmac-md5 configured earlier and did not unload
this before the hmac2 was loaded.
ipsecctl simply ADDs configurations to isakmpd (unless -d), e.g. this:
$ sudo isakmpd -L
$ sudo ipsecctl -f /etc/ipsec.conf
$ sudo vi /etc/ipsec.conf #change to something "lesser"
$ sudo ipsecctl -f /etc/ipsec.conf
Now you have TWO running configurations in isakmpd, both matching
proposals.
--
pb