Re: OpenBSD to Cisco VPN - help needed

2006-04-05 Thread Karl Kopp
GOT IT :) Love it when it all falls in place :) Damien's advice of -D99 worked a treat - we saw that the quick and main auths were not playing nice so I had to add the 'quick auth hmac-md5 enc 3des' bits as well - DOH! I must say tho that /etc/ipsec.conf is MUCH easier than the old way so nice wor

Re: OpenBSD to Cisco VPN - help needed

2006-04-05 Thread Hans-Joerg Hoexer
On Wed, Apr 05, 2006 at 05:13:36PM +1000, Karl Kopp wrote:

>
> Firstly, I thought I could just use /etc/ipsec.conf (right?) and a
> line like this:
>
> ike esp from 10.1.1.0/24 to 202.1.1.0/24 peer 202.1.1.30 main auth
> hmac-md5 enc 3des psk shhhSecret

this looks correct. Additionally to the d

Re: OpenBSD to Cisco VPN - help needed

2006-04-05 Thread Karl Kopp
Hi Damien,

Firstly, do you think I will be able to do this with the /etc/ipsec.conf setup, or will I have to go thru all the /etc/isakmpd/* stuff?

> > crypto isakmp policy 10
> > encr 3des
> > hash md5
> > authentication pre-share
> > group 2
>
> Last time I tried, I had to specify an explici

Re: OpenBSD to Cisco VPN - help needed

2006-04-05 Thread Damien Miller
On Wed, 5 Apr 2006, Karl Kopp wrote:

> Hi Damien,
>
> Firstly, do you think I will be able to do this with the
> /etc/ipsec.conf setup, or will I have to go thru all the
> /etc/isakmpd/* stuff?

I haven't yet used ipsecctl to set up a VPN, but in theory it shouldn't matter which way you go.

> >

Re: OpenBSD to Cisco VPN - help needed

2006-04-05 Thread Damien Miller
On Wed, 5 Apr 2006, Karl Kopp wrote:

> crypto isakmp policy 10
> encr 3des
> hash md5
> authentication pre-share
> group 2

Last time I tried, I had to specify an explicit lifetime for the phase 1 policy here.

> run isakmpd -K -d, then ipsecctl -f /etc/ipsec.conf and get:
>
> 170525.073348 D