Stuart Henderson wrote:
> On 2007/04/24 15:49, Steven Surdock wrote:
>> Steven Surdock wrote:
...
>
> Are auth/encryption the same for both tunnels? I believe that may be
> necessary for main mode.
>
> You can check that ipsec.conf is being parsed how you expect with
> 'ipsecctl -nvf /etc/ipsec.conf' (it will output the generated
> isakmpd.conf-style sections which are fed to isakmpd's fifo);
> this may give some clues.

And it did.  Thanks!  I again checked against the configured transforms
and indeed I had a mismatch.  What confused me was that the first tunnel
came up - apparently with a mismatch in transform.  Thanks again!

Reply via email to