having a nightmare getting two openbsd (one 3.8, one 4.0) boxes to
set up a tunnel. finally got the phase 1 negotiation going (or so i
believe from reviewing the logs) but it appears that phase two
starts and is then just abandoned.
my best guess is that the default definitions for QM-ESP-DES-MD5-SUITE
are incompatible but i can't seem to get past it.
the "-DA=99" output and configuration files are attached in the hope
that someone can make sense of this. i also have the "-L" dump if
anyone needs it.
thanks for any assistance.
--
t
t
w
# isakmpd configuration
# Read by isakmpd(8); the tags used below are described in isakmpd.conf(5).
# The file names the private key and the peer identities, so keep it
# root-owned and not readable by other users.
[General]
# Address isakmpd listens on for IKE traffic; listing it limits the daemon
# to this address rather than every configured interface.
Listen-on= 83.104.36.71
# Certificate material for the RSA signature authentication selected by the
# phase 1 transform in [low-crypto] (3DES-SHA-RSA_SIG).
# NOTE(review): with FQDN IDs, the name each peer presents in phase 1
# presumably has to appear as a subjectAltName in its certificate - confirm
# on both boxes.
[X509-Certificates]
# CA certificates trusted when validating a peer's certificate.
CA-directory= /etc/isakmpd/ca/
# Certificates available for authenticating this host and its peers.
Cert-directory= /etc/isakmpd/certs/
# This host's private key; keep it readable by root only.
Private-key= /etc/isakmpd/private/local.key
# Maps peer IP addresses to ISAKMP peer sections. The only entry is commented
# out, so this section currently defines no mapping.
# NOTE(review): the commented-out value names an ID section
# ([gw.vpn.cobbled.net]); the peer section in this file is [cobbled_net-gw].
# Confirm which one was intended before re-enabling the line.
[Phase 1]
#84.203.180.117= gw.vpn.cobbled.net
# Phase 1 identity of this host; referenced as ID= in [cobbled_net-gw].
[caley01.vpn.cobbled.net]
ID-Type= FQDN
Name= caley01.vpn.cobbled.net
# Phase 1 identity expected from the remote gateway; referenced as
# Remote-ID= in [cobbled_net-gw].
[gw.vpn.cobbled.net]
ID-Type= FQDN
Name= gw.vpn.cobbled.net
# IPsec connections isakmpd should bring up on its own; each name refers to
# a connection section further down ([cobbled-caley]).
[Phase 2]
Connections= cobbled-caley
# ISAKMP (phase 1) peer definition for the remote gateway.
[cobbled_net-gw]
Phase= 1
# Phase 1 proposal section: [low-crypto].
Configuration= low-crypto
# Address of the remote gateway.
Address= 84.203.180.117
# Section holding the identity this host presents.
ID= caley01.vpn.cobbled.net
# Section holding the identity the peer is expected to present; the remote
# box needs the mirror-image ID/Remote-ID pair.
Remote-ID= gw.vpn.cobbled.net
# IPsec (phase 2) connection listed under Connections= in [Phase 2].
[cobbled-caley]
Phase= 2
# Phase 1 peer the connection is negotiated with.
ISAKMP-peer= cobbled_net-gw
# Phase 2 proposal section: [low-crypto-quick]. [min-crypto-quick] is not
# used by this connection.
Configuration= low-crypto-quick
# Traffic selectors: local network, then remote network. The peer has to
# configure the same pair the other way round or quick mode will not match.
Local-ID= cobbled_net-caley
Remote-ID= cobbled_net-all
# Remote side of the tunnel: 10.0.0.0/8 (Remote-ID= in [cobbled-caley]).
# NOTE(review): the local network below, 10.192.0.0/16, lies inside this
# range - confirm that the resulting flows do not capture traffic that is
# meant to stay local.
[cobbled_net-all]
ID-Type= IPV4_ADDR_SUBNET
Network= 10.0.0.0
Netmask= 255.0.0.0
# Local side of the tunnel: 10.192.0.0/16 (Local-ID= in [cobbled-caley]).
[cobbled_net-caley]
ID-Type= IPV4_ADDR_SUBNET
Network= 10.192.0.0
Netmask= 255.255.0.0
# Quick-mode proposal using single DES with MD5. No connection in this file
# references it. DES (56-bit key) and MD5 are both too weak to protect
# tunnel traffic, so the section is best deleted rather than kept as a
# fallback.
# NOTE(review): isakmpd.conf(5) names the quick-mode tag "Suites";
# "Transforms" is the phase 1 tag - confirm before reusing this section.
[min-crypto-quick]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Transforms= QM-ESP-DES-MD5-SUITE
# Phase 1 proposal referenced by Configuration= in [cobbled_net-gw].
[low-crypto]
DOI= IPSEC
# ID_PROT is main mode, which protects the peer identities during phase 1.
EXCHANGE_TYPE= ID_PROT
# 3DES with SHA, authenticated by RSA signatures (keys and certificates come
# from [X509-Certificates]). 3DES and SHA-1 are legacy choices; prefer an
# AES-based transform if both OpenBSD releases offer one.
Transforms= 3DES-SHA-RSA_SIG
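# Phase 2 (quick mode) proposal referenced by Configuration= in
# [cobbled-caley].
# isakmpd.conf(5) lists the protection suites of a quick-mode section under
# the "Suites" tag; "Transforms" is the tag for phase 1 sections such as
# [low-crypto]. Under "Transforms" the suite below is not picked up as a
# phase 2 proposal, which would leave quick mode with nothing to offer.
# The suite is ESP with 3DES and SHA plus PFS; both peers must list a
# matching suite. Prefer an AES-based suite if both releases provide one.
[low-crypto-quick]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE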
[demime 1.01d removed an attachment of type application/x-gunzip]