Can you show me the output of "ipsecctl -nvf ..." on both machines?
HJ.

On Wed, Feb 22, 2006 at 01:08:39PM -0500, Adam wrote:
> I am trying to set up a simple VPN between two networks using ipsecctl.
> One side is running 3.8 release, the other 3.8 stable. On both sides I
> have copied over /etc/isakmpd/private/local.pub to
> /etc/isakmpd/pubkeys/ipv4/remote.ip.add.ress and run isakmpd -K and then
> ipsecctl -f /etc/ipsec.conf. The ipsec.conf files look like this:
>
> ike esp from 172.23.140.0/24 to 172.23.160.0/21 peer 1.1.1.1
> and
> ike esp from 172.23.160.0/21 to 172.23.140.0/24 peer 2.2.2.2
>
> 1.1.1.1 and 2.2.2.2 are obviously the real external IPs of the two
> gateways.
>
> In /var/log/daemon I get
>
> isakmpd[4906]: responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id ac17a000/fffff800:
> 172.23.160.0/255.255.248.0, responder id ac178c00/ffffff00:
> 172.23.140.0/255.255.255.0
> isakmpd[4906]: dropped message from 1.1.1.1 port 500 due to
> notification type NO_PROPOSAL_CHOSEN
> isakmpd [4906]: transport_send_messages: giving up on exchange
> IPsec-172.23.140.0/24-172.23.160.0/21, no response from peer
> 1.1.1.1:500
>
> Adam