Hey,

You probably want to start with ipsec.conf(5). isakmpd.conf is generated out of ipsec.conf. I think people running 5.4+ don’t even use it any more.

Br
//mxb

> On 16 jan 2015, at 21:22, Motty Cruz <motty.c...@gmail.com> wrote:
>
> Hello All,
>
> I'm trying to set up IPSec Tunnel using the following parameters.
> Phase 1
> exchange encryption: AES256
> Data Integrity: SHA256
> DH: group 20
> Aggressive Mode
>
> phase 2
> encryption: AESGCM256
> HASH: SHA384
>
> I can't find examples to configure isakmpd.conf using parameters above.
>
> [fw2-main-mode]
> DOI= IPSEC
> EXCHANGE_TYPE= ID_PROT
> Transforms= AES256-SHA2-GRP20
>
> [fw2-quick-mode]
> DOI= IPSEC
> EXCHANGE_TYPE= QUICK_MODE
> Suites= QM-ESP-AESGCM-SHA2-SUITE
>
> [QM-ESP-AESGCM-256-SHA2-SUITE]
> TRANSFORM_ID= AESGCM
> ENCAPSULATION_MODE= TUNNEL
> AUTHENTICATION_ALGORITHM= HMAC_SHA2
> GROUP_DESCRIPTION= EC_384
> Life= LIFE_3600_SECS
>
> using this configuration I get the following error:
> isakmpd[30247]: exchange_run: doi->initiato
>
> Thanks in advance,
> -Motty