I am trying to set up a simple VPN between two networks using ipsecctl. One side is running 3.8 release, the other 3.8 stable. On both sides I have copied over /etc/isakmpd/private/local.pub to /etc/isakmpd/pubkeys/ipv4/remote.ip.add.ress and run isakmpd -K and then ipsecctl -f /etc/ipsec.conf. The ipsec.conf files look like this:

    ike esp from 172.23.140.0/24 to 172.23.160.0/21 peer 1.1.1.1

and

    ike esp from 172.23.160.0/21 to 172.23.140.0/24 peer 2.2.2.2

1.1.1.1 and 2.2.2.2 are obviously the real external IPs of the two gateways.

In /var/log/daemon I get

    isakmpd[4906]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id ac17a000/fffff800: 172.23.160.0/255.255.248.0, responder id ac178c00/ffffff00: 172.23.140.0/255.255.255.0
    isakmpd[4906]: dropped message from 1.1.1.1 port 500 due to notification type NO_PROPOSAL_CHOSEN
    isakmpd[4906]: transport_send_messages: giving up on exchange IPsec-172.23.140.0/24-172.23.160.0/21, no response from peer 1.1.1.1:500

Adam

