I got it to work exactly as you suggested using isakmpd.conf. It took me quite a bit of searching to find the correct sort of syntax for that file to achieve what I wanted but it now allows me to connect.
But I've run into another issue that I cannot resolve myself. Once I connect from ANY client, I can only move data on the VPN for a few seconds, then it goes dead. I thought it might be an MTU issue, but I tried setting the MRU setting fairly low in npppd and that didn't solve it. I tried setting skip on enc0 as well as pppx0 in pf rules and that didn't work either.

What else could I be missing? Why would it work, but only briefly?

Sly

On 04/03/2016 05:38 AM, Stuart Henderson wrote:
>> On 2016-04-01, Sly Midnight <[email protected]> wrote:
>>> I am wondering is there a way to allow either via /etc/ipsec.conf or
>>> /etc/isakmpd/isakmpd.policy to configure a road warrior type of IPsec VPN
>>> access to my router that accommodates multiple types of IPsec clients that
>>> regrettably have limitations in the auth/enc/DH groups they support.
>> auth/enc: yes, but you will need isakmpd.conf, ipsec.conf is not flexible
>> enough.
>>
>> groups will be a problem: see BUGS in isakmpd.conf(5).

