On Wed, 5 Apr 2006, Karl Kopp wrote: > Hi Damien, > > Firstly, do you think I will be able to do this with the > /etc/ipsec.conf setup, or will I have to go thru all the > /etc/isakmpd/* stuff?
I haven't yet used ipsecctl to set up a VPN, but in theory it shouldn't matter which way you go. > > > crypto isakmp policy 10 > > > encr 3des > > > hash md5 > > > authentication pre-share > > > group 2 > > > > Last time I tried, I had to specify an explicit lifetime for the > > phase 1 policy here. > > This was from the working Cisco config, before I tried to OpenBSD it... Was that Cisco->Cisco? OpenBSD sets different lifetime limits IIRC. > > You really need to turn up debugging to figure this out. > > # isakmpd -K -d -v "-d" just makes isakmpd log to stderr, you probably want "-DA=99" -d
