Hi,
My question is: What I'm doing wrong?
Two machines, both same snapshot, and I'm failing to setup VPN tunnel
between them with following configuration files:
# cn700: /etc/ipsec.conf (vpn server)
ike passive esp tunnel \
from 172.16.0.51 to 79.97.200.174 \
srcid cn700.ath.cx dstid www1.virtualization.lan
# www1: /etc/ipsec.conf (vpn client)
ike dynamic esp tunnel \
from 172.16.0.51 to 79.97.200.174 \
peer 79.97.200.174 \
srcid www1.virtualization.lan dstid cn700.ath.cx
On VPN server (cn700) I get following error:
> Jul 18 15:42:02 cn700 isakmpd[14697]: attribute_unacceptable:
> ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> Jul 18 15:42:02 cn700 isakmpd[14697]: message_negotiate_sa: no compatible
> proposal found
> Jul 18 15:42:02 cn700 isakmpd[14697]: dropped message from 79.97.195.245 port
> 54860 due to notification type NO_PROPOSAL_CHOSEN
ON VPN client (www1) I get following error:
> Jul 18 15:43:46 www1 isakmpd[13468]: transport_send_messages: giving up on
> exchange peer-79.97.200.174, no response from peer 79.97.200.174:500
On both machines isakmpd(8) started same way `isakmpd -vK'. Machine cn700 has
ip 79.97.200.174, and www1 has ip 172.16.0.51.
# sysctl kern.version
kern.version=OpenBSD 4.6-current (GENERIC) #62: Wed Jul 15 17:27:21 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
--
best regards
q#
