And I should mention, that in the "any to any" case you can not use -K and you have to specify an isakmpd.policy file.
On Wed, Aug 15, 2007 at 10:37:59PM +0200, Hans-Joerg Hoexer wrote: > On Mon, Aug 13, 2007 at 01:30:11AM +0300, Sergey Prysiazhnyi wrote: > > ike dynamic from any to any \ > > main auth hmac-sha1 enc aes group modp1024 \ > > quick auth hmac-sha1 enc aes psk secret > > > > ; ike passive, ike passive esp, ike esp, etc - no results. > > On the openbsd gateway you need something like this > > ike passive from any to 10.1.1.0/24 \ > main auth hmac-sha1 enc 3des group modp1024 \ > quick auth hmac-sha1 enc 3des psk secret > > The default transform of the greenbowclient for phase 1 is > 3des/sha1/modp1024, for phase 1 3des/sha1.
