Try s/hmac-sha2-256/hmac-sha1/ until you have updated all your firewalls. Also try seeing http://www.openbsd.org/faq/current.html#20100110 ..
Penned by Toni Mueller on 20100317 17:55.34, we have: | Hi, | | I've installed the latest snapshot, with kernel bsd.mp#488, on a | machine that has several IPSEC connections to handle, some fixed | (branch offices), some for road warriors. The setup per se runs well | for several years, but after this upgrade, traffic to the branch | offices stopped. I checked one of the branch office's firewalls, which | runs a slightly older version of OpenBSD, that the encryped packets | arrive on the WAN interface. So I conclude that the gateway, running | the snapshot, pushes the packets out ok (I can observe these packets on | the gateway's enc0 interface, too, so confidence is high). In the | branch office's gateway, using 'netstat -rnf encap', I see all the | entries that there used to be, but I see _NO_ packets on its enc0 | interface. | | Ideas about how to debug these, are most welcome! | | | Kind regards, | --Toni++ -- Todd Fries .. t...@fries.net _____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | 2525 NW Expy #525, Oklahoma City, OK 73112 \ sip:freedae...@ekiga.net | "..in support of free software solutions." \ sip:4052279...@ekiga.net \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
