Apologies if this was already sent, I am having difficulty with my email
lately and this didn't look like it sent earlier.
Good morning everyone,
I am wondering is there a way to allow either via /etc/ipsec.conf or
/etc/isakmpd/isakmpd.policy to configure a road warrior type of IPsec VPN
access to my router that accommodates multiple types of IPsec clients that
regrettably have limitations in the auth/enc/DH groups they support.
For instance I am trying to get my IPsec/L2TP tunnel VPN working with two
separate clients that support it, but have weird limitations.
My Android phone only works when I set my ipsec.conf file to something like
the following:
ike passive esp transport \
       proto udp from XXX.XXX.XXX.XXX to any port 1701 \
       main auth "hmac-sha" enc "aes" group "modp1024" \
       quick auth "hmac-sha" enc "aes" group "modp1024" \
       psk "presharedkey"
But that won't work with my Chromebook which requires:
ike passive esp transport \
       proto udp from XXX.XXX.XXX.XXX to any port 1701 \
       main auth "hmac-md5" enc "aes" group "modp2048" \
       quick auth "hmac-md5" enc "aes" group "modp2048" \
       psk "presharedkey"
One requires md5 but only with modp2048 while the other might work with md5,
but only with modp1024.  If I don't specify these options then neither works,
so I have to, but doing so seems to limit me to one or the other.
Is there any way I can specify both versions simultaneously?  I don't see
anything in the various manpages about being able to allow multiple
transforms.
Any help would be greatly appreciated.
Sly
