2012/4/1 Girish Venkatachalam <[email protected]>:
> Dear all,
>
> I am having a ball of a time configuring ipsec.conf against our
> friendly Fortigate VPN box.
> I think the model is some very old one, perhaps 50B or something.
> Now some other Linux based commercial VPN is able to talk to it as
> Fortigate also is
> from the same parent. So is every other boy out there.
> But I want OpenBSD to talk to it.

I have made my obsd ipsecs talk to some version of fortigate, so it's doable.

> I am sure with a lot of hard work I could possibly sort this out but
> some wisdom from you
> is good, particularly for the archives and google.
>
> If it matters in any manner at all, my ipsec.conf is
>
> #ike passive esp from $localnet to $remotenet peer $remoteip \
> main auth hmac-sha1 enc 3des group modp1536 \
> quick auth hmac-sha1 enc 3des group none psk <removed>

Here you select auth by using "Preshared key" (that's the psk stuff)

> Do you want isakmpd.conf too? I got one from some site.

ipsec.conf builds it for you

>
> Here is the phase 1 auth reject message I get.
> 201238.986501 Default attribute_unacceptable: AUTHENTICATION_METHOD:
> got PRE_SHARED, expected RSA_SIG
> Any pointers are much appreciated.

Here it says "You want to use PRE_SHARED keys, I want to use RSA_SIG"

--
To our sweethearts and wives. May they never meet. -- 19th century toast

