Tim Stewart <t...@stoo.org> writes:

> A sample configuration:
>
>   ikev2 "win10host" passive esp \
>       from 0.0.0.0/0 to 10.1.1.51 \
>       local any peer any \
>       ikesa auth hmac-sha2-384 enc aes-256 prf hmac-sha2-384 group modp2048 \
>       childsa enc aes-256-gcm group modp2048 \
>       srcid "/C=US/ST=New York/L=NYC/O=Stoo Labs/OU=iked/CN=foo.stoo.org" \
>       dstid "/C=US/ST=New York/L=NYC/O=Stoo Labs/OU=iked/CN=bar.stoo.org" \
>       rsa \
>       config address 10.1.1.51 \
>       config name-server 10.1.1.5 \
>       config name-server 10.1.1.6 \
>       tag "$name-$id"
>
> The above configuration worked fine with iked in OpenBSD 6.0. It broke
> as of 6.1 with the following error:
>
>   set_policy_auth_method: ikeauth policy mismatch, rsa specified, but only
>   rfc7427 possible
>   set_policy: failed to set policy auth method for
>   /etc/iked.conf: 17: create_ike failed
>   /etc/iked.conf: no valid configuration rules found
>
> I use a CA certificate and signed host certificates generated using a
> process like the EXAMPLES section in ikectl(8). I'm a bit surprised
> that I could not find anyone else who has seen this problem, so maybe
> I'm doing something strange without realizing it.

Is there any more information that I can provide about this issue, or
possibly suggestions for changes to the patch? Some guidance would help
me as I am new to this code.

Perhaps this should be moved to bugs? (I posted to tech because I had a
patch).

Thanks,

-TimS

--
Tim Stewart
-----------
Mail: t...@stoo.org
Matrix: @tim:stoo.org