On a computer running OpenBSD 5.3 I am migrating from an
isakmpd.conf based configuration to an ipsec.conf based configuration.
The tunnel comes up and works correctly when using isakmpd.conf but I
can't get the tunnel to come up when I use ipsec.conf.
As far as I can see ipsec.conf contains the same settings as the
settings that are in isakmpd.conf.
The error message when using ipsec.conf is: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC.
This means the proposal from the peer does not match the configuration
added by ipsecctl and isakmpd is trying to use its default settings.
I've double-checked the settings in ipsec.conf and especially the IP
addresses. I have also looked at the packets and the isakmpd debug
output but all I can see is the peer offering a proposal that matches
what is in ipsec.conf.
I'd like to see how isakmpd interprets the settings in ipsec.conf and
isakmpd.conf and would like to compare those interpretations.
ipsecctl -nvf /etc/ipsec.conf shows the settings from ipsec.conf as they
would be used by isakmpd but I don't see how to do the same with isakmpd.conf.
How can I get the settings from isakmpd.conf and ipsec.conf in the same
format so I can compare them?
Daniel
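
One way to get both files into the same format for the comparison asked about above, as an added example that is not part of the original post: it parses isakmpd.conf's INI sections and the output of `ipsecctl -nvf /etc/ipsec.conf` into the same (section, tag) map and lists the differences. The `C set [section]:tag=value force` line format, the sample data and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed sample of a hand-written isakmpd.conf (INI style).
ISAKMPD_CONF = """\
[Phase 1]
192.0.2.1= peer-gw
[peer-gw]
Configuration= mm-gw
[mm-gw]
EXCHANGE_TYPE= ID_PROT
Transforms= AES-SHA,3DES-SHA
"""
# Constructed sample of `ipsecctl -nvf /etc/ipsec.conf` output (line format assumed).
IPSECCTL_NV = """\
C set [Phase 1]:192.0.2.1=peer-gw force
C set [peer-gw]:Configuration=mm-gw force
C set [mm-gw]:EXCHANGE_TYPE=ID_PROT force
C add [mm-gw]:Transforms=3DES-SHA force
"""
FIFO_RE = re.compile(r"^C (?:set|add) \[(.+?)\]:([^=]+)=(.*?)(?: force)?$")

def split_values(value):
    # Split a comma-separated value list, keeping the configured order.
    return [v.strip() for v in value.split(",") if v.strip()]

def parse_ini(text):
    """isakmpd.conf text -> {(section, tag): [values]}."""
    conf, section = defaultdict(list), None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            tag, value = line.split("=", 1)
            conf[(section, tag.strip())] += split_values(value)
    return dict(conf)

def parse_fifo(text):
    """'C set/add [section]:tag=value' lines -> {(section, tag): [values]}."""
    conf = defaultdict(list)
    for line in text.splitlines():
        m = FIFO_RE.match(line.strip())
        if m:  # any other command line is ignored
            conf[(m.group(1), m.group(2).strip())] += split_values(m.group(3))
    return dict(conf)

def compare(ini, fifo):
    """{(section, tag): (isakmpd.conf values, ipsec.conf values)} where they differ."""
    return {k: (ini.get(k, []), fifo.get(k, []))
            for k in sorted(set(ini) | set(fifo)) if ini.get(k) != fifo.get(k)}
```

Section names generated by ipsecctl may differ from the hand-chosen names in isakmpd.conf, so sections may need to be matched by role before the differences are meaningful.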
- how to compare ipsec.conf and isakmpd.conf settings? Daniel Polak