Below is the error message I get:

195710.884316 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
195710.885049 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
195710.885584 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
195710.886095 Default attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA
195710.886709 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
195710.887254 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
195710.887762 Default message_negotiate_sa: no compatible proposal found
195710.888194 Default dropped message from 202.93.222.32 port 500 due to notification type NO_PROPOSAL_CHOSEN

Below is isakmpd.conf:

[General]
Retransmits= 10
Exchange-max-time= 120
Listen-on= 202.93.222.32

#incoming phase 1 negotiations are multiplexed on the source ip address
[Phase= 1]
Local-address= 192.168.48.2
Adress= 202.93.222.32
Authentication= 123

[Phase 1]
192.168.48.2= ISAKMP-peer-west

[Phase 2]
Connections= IPsec-east-west

[in mode transforms]
##################

# DES

[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# 3DES

[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# AES

[AES-SHA]
ENCRYPTION_ALGORITHM= AES_CBC
KEY_LENGTH= 128,128:256
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# AES-128

[AES-128-SHA]
ENCRYPTION_ALGORITHM= AES_CBC
KEY_LENGTH= 128,128:128
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# AES-192

[AES-192-SHA]
ENCRYPTION_ALGORITHM= AES_CBC
KEY_LENGTH= 192,192:192
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# AES-256

[AES-256-SHA]
ENCRYPTION_ALGORITHM= AES_CBC
KEY_LENGTH= 256,256:256
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# Blowfish

[BLF-SHA]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,96:192
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_MAIN_MODE

# Blowfish, using DH group 4 (non-default)
[BLF-SHA-EC185]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,96:192
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= EC2N_185
Life= LIFE_MAIN_MODE

# Quick mode protection suites
##############################

# DES

[QM-ESP-DES-SUITE]
Protocols= QM-ESP-DES

[QM-ESP-DES-PFS-SUITE]
Protocols= QM-ESP-DES-PFS

[QM-ESP-DES-MD5-SUITE]
Protocols= QM-ESP-DES-MD5

[QM-ESP-DES-MD5-PFS-SUITE]
Protocols= QM-ESP-DES-MD5-PFS

[QM-ESP-DES-SHA-SUITE]
Protocols= QM-ESP-DES-SHA

[QM-ESP-DES-SHA-PFS-SUITE]
Protocols= QM-ESP-DES-SHA-PFS

# 3DES

[QM-ESP-3DES-SHA-SUITE]
Protocols= QM-ESP-3DES-SHA

[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS

# AES

[QM-ESP-AES-SHA-SUITE]
Protocols= QM-ESP-AES-SHA

[QM-ESP-AES-SHA-PFS-SUITE]
Protocols= QM-ESP-AES-SHA-PFS

# AES-128

[QM-ESP-AES-128-SHA-SUITE]
Protocols= QM-ESP-AES-128-SHA

[QM-ESP-AES-128-SHA-PFS-SUITE]
Protocols= QM-ESP-AES-128-SHA-PFS

# AES-192

[QM-ESP-AES-192-SHA-SUITE]
Protocols= QM-ESP-AES-192-SHA

[QM-ESP-AES-192-SHA-PFS-SUITE]
Protocols= QM-ESP-AES-192-SHA-PFS

# AES-256

[QM-ESP-AES-256-SHA-SUITE]
Protocols= QM-ESP-AES-256-SHA

[QM-ESP-AES-256-SHA-PFS-SUITE]
Protocols= QM-ESP-AES-256-SHA-PFS

# AH

[QM-AH-MD5-SUITE]
Protocols= QM-AH-MD5

[QM-AH-MD5-PFS-SUITE]
Protocols= QM-AH-MD5-PFS

# AH + ESP (non-default)

[QM-AH-MD5-ESP-DES-SUITE]
Protocols= QM-AH-MD5,QM-ESP-DES

[QM-AH-MD5-ESP-DES-MD5-SUITE]
Protocols= QM-AH-MD5,QM-ESP-DES-MD5

[QM-ESP-DES-MD5-AH-MD5-SUITE]
Protocols= QM-ESP-DES-MD5,QM-AH-MD5

# Quick mode protocols

# DES

[QM-ESP-DES]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-XF

[QM-ESP-DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-XF

[QM-ESP-DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-PFS-XF

[QM-ESP-DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-SHA-XF

# 3DES

[QM-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-XF

[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF

[QM-ESP-3DES-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-TRP-XF

# AES

[QM-ESP-AES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-SHA-XF

[QM-ESP-AES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-SHA-PFS-XF

[QM-ESP-AES-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-SHA-TRP-XF

# AES-128

[QM-ESP-AES-128-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-128-SHA-XF

[QM-ESP-AES-128-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-128-SHA-PFS-XF

[QM-ESP-AES-128-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-128-SHA-TRP-XF

# AES-192

[QM-ESP-AES-192-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-192-SHA-XF

[QM-ESP-AES-192-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-192-SHA-PFS-XF

[QM-ESP-AES-192-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-192-SHA-TRP-XF

# AES-256

[QM-ESP-AES-256-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-256-SHA-XF

[QM-ESP-AES-256-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-256-SHA-PFS-XF

[QM-ESP-AES-256-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-256-SHA-TRP-XF

# AH MD5

[QM-AH-MD5]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-XF

[QM-AH-MD5-PFS]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-PFS-XF

# Quick mode transforms

# ESP DES+MD5

[QM-ESP-DES-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
Life= LIFE_QUICK_MODE

[QM-ESP-DES-MD5-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_QUICK_MODE

[QM-ESP-DES-MD5-PFS-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
GROUP_DESCRIPTION= MODP_1024
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_QUICK_MODE

[QM-ESP-DES-SHA-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_QUICK_MODE

# 3DES

[QM-ESP-3DES-SHA-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_QUICK_MODE

[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_QUICK_MODE

[QM-ESP-3DES-SHA-TRP-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_QUICK_MODE

# AES

[QM-ESP-AES-SHA-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 128
Life= LIFE_QUICK_MODE

[QM-ESP-AES-SHA-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
KEY_LENGTH= 128
Life= LIFE_QUICK_MODE

[QM-ESP-AES-SHA-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 128
Life= LIFE_QUICK_MODE

# AES-128

[QM-ESP-AES-128-SHA-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 128
Life= LIFE_QUICK_MODE

[QM-ESP-AES-128-SHA-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
KEY_LENGTH= 128
Life= LIFE_QUICK_MODE

[QM-ESP-AES-128-SHA-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 128
Life= LIFE_QUICK_MODE

# AES-192

[QM-ESP-AES-192-SHA-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 192
Life= LIFE_QUICK_MODE

[QM-ESP-AES-192-SHA-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
KEY_LENGTH= 192
Life= LIFE_QUICK_MODE

[QM-ESP-AES-192-SHA-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 192
Life= LIFE_QUICK_MODE

# AES-256

[QM-ESP-AES-256-SHA-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 256
Life= LIFE_QUICK_MODE

[QM-ESP-AES-256-SHA-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
KEY_LENGTH= 256
Life= LIFE_QUICK_MODE

[QM-ESP-AES-256-SHA-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
KEY_LENGTH= 256
Life= LIFE_QUICK_MODE

# AH

[QM-AH-MD5-XF]
TRANSFORM_ID= MD5
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_QUICK_MODE

[QM-AH-MD5-PFS-XF]
TRANSFORM_ID= MD5
ENCAPSULATION_MODE= TUNNEL
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_QUICK_MODE

[Sample-Life-Time]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200

[Sample-Life-Volume]
LIFE_TYPE= KILOBYTES
LIFE_DURATION= 1000,768:1536
ISAKMP-peer-west]

On Wed, Apr 2, 2008 at 1:31 PM, sonjaya <[EMAIL PROTECTED]> wrote:
> Dear all
>
> Has anyone here had success implementing ipsec in obsd 4.2 with nokia ip40
> (appliance vpn client)?
> Now I have obsd 4.2 and ipsec, and trying with obsd 4.2 as client is working
> fine, but with nokia ip40 it isn't.
> Below is the simple ipsec.conf in my obsd 4.2:
>
> a_lan="192.168.1.0/24"
> b_lan="192.168.2.0/24"
> vpn_gw="202.93.222.32"
> ike esp from $b_lan to $a_lan peer $vpn_gw psk mypassword
> ike esp from egress to $a_lan peer $vpn_gw psk mypassword
> ike esp from egress to $vpn_gw
>
>
> --
> sonjaya
> http://sicute.blogspot.com
>

--
sonjaya
http://sicute.blogspot.com