Hi Damien,

Firstly, do you think I will be able to do this with the /etc/ipsec.conf setup, or will I have to go through all the /etc/isakmpd/* stuff?

> > crypto isakmp policy 10
> > encr 3des
> > hash md5
> > authentication pre-share
> > group 2
>
> Last time I tried, I had to specify an explicit lifetime for the
> phase 1 policy here.

This was from the working Cisco config, before I tried to OpenBSD it...

> > run isakmpd -K -d, then ipsecctl -f /etc/ipsec.conf and get:
> >
> > 170525.073348 Default message_recv: invalid cookie(s) 03af03aac4e7f22f
> > 9c282b0073a7218f
> > 170525.073424 Default dropped message from 202.1.1.30 port 500 due to
> > notification type INVALID_COOKIE
>
> You really need to turn up debugging to figure this out.

# isakmpd -K -d -v
192900.955220 Default isakmpd: phase 1 done: initiator id cb5e8756: 203.0.0.1, responder id 90871c27: 202.1.1.30, src: 203.0.0.1 dst: 202.1.1.30
192901.017180 Default message_recv: invalid cookie(s) 63eb546007dc51cc d1409bbf559913e2
192901.017227 Default dropped message from 202.1.1.30 port 500 due to notification type INVALID_COOKIE
192907.996683 Default message_recv: invalid cookie(s) 63eb546007dc51cc d1409bbf559913e2
192907.996749 Default dropped message from 202.1.1.30 port 500 due to notification type INVALID_COOKIE