Yes, again... I am trying to set up a VPN using IPSec, right now a very basic setup, and it doesn't work as expected. The hosts involved are keibi, which acts as the server, and the laptop sentan, which is trying to connect to it.

ipsec.conf on keibi:

ike passive esp from any to any \
        srcid [EMAIL PROTECTED] dstid [EMAIL PROTECTED]

ipsec.conf on sentan:

ike dynamic esp from egress to any peer keibi.my.domain \
        srcid [EMAIL PROTECTED] dstid [EMAIL PROTECTED]

local.pub from sentan copied onto both hosts to /etc/isakmpd/pubkeys/ufqdn/[EMAIL PROTECTED], from keibi onto both hosts to /etc/isakmpd/pubkeys/ufqdn/[EMAIL PROTECTED]

On sentan in tcpdump I see some isakmp exchange... yet the only result from that is the following messages in keibi's /var/log/messages:

Dec 17 14:07:10 keibi isakmpd[27563]: responder_recv_HASH_SA_NONCE: KEY_EXCH payload without a group desc. attribute
Dec 17 14:07:10 keibi isakmpd[27563]: dropped message from 192.168.9.196 port 4500 due to notification type NO_PROPOSAL_CHOSEN
Dec 17 14:07:10 keibi isakmpd[27563]: responder_recv_HASH_SA_NONCE: KEY_EXCH payload without a group desc. attribute
Dec 17 14:07:10 keibi isakmpd[27563]: dropped message from 192.168.9.196 port 4500 due to notification type NO_PROPOSAL_CHOSEN
Dec 17 14:07:10 keibi isakmpd[27563]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 0a11e980: 10.17.233.128, responder id 00000000/00000000: 0.0.0.0/0.0.0.0
Dec 17 14:07:10 keibi isakmpd[27563]: dropped message from 192.168.9.196 port 4500 due to notification type NO_PROPOSAL_CHOSEN

What am I doing wrong? I thought with that setup it should work, and I did have it working with something very similar some time ago...

Both boxes are:

OpenBSD 4.0-current (GENERIC) #1269: Fri Dec 15 17:00:17 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

--
viq

