Stuart Henderson wrote: > On 2007/04/24 15:49, Steven Surdock wrote: >> Steven Surdock wrote: ... > > Are auth/encryption the same for both tunnels? I believe that may be > necessary for main mode. > > You can check that ipsec.conf is being parsed how you expect with > 'ipsecctl -nvf /etc/ipsec.conf' (it will output the generated > isakmpd.conf-style sections which are fed to isakmpd's fifo); > this may give some clues.
And it did. Thanks! I again checked against the configured transforms and indeed I had a mismatch. What confused me was that the first tunnel came up - apparently with a mismatch in transform. Thanks again!