Hi, On Mon, Sep 03, 2007 at 12:59:48PM +0100, Josi Costa wrote: > > Sep 3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83 > port 500 due to notification type NO_PROPOSAL_CHOSEN > Sep 3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE: > KEY_EXCH payload without a group desc. attribute > Sep 3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83 > port 500 due to notification type NO_PROPOSAL_CHOSEN > Sep 3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE: > KEY_EXCH payload without a group desc. attribute
isakmpd does not like the transforms for phase 2 proposed by the other peer. It seems, that phase 2 has no group description. > > --- /etc/ipsec.conf --- > > ike dynamic esp from 10.0.0.0/24 to 10.0.1.0/24 peer 172.26.10.83 \ > main auth hmac-sha1 enc 3des group modp1024 \ > quick auth hmac-sha1 enc 3des \ > psk teste tag teste > > In the ISA Server is configured correctly for the Phase-1 and Phase-2 > encriptions and auths. > > Any help here? > > > On 8/31/07, Jeff Quast <[EMAIL PROTECTED]> wrote: > > I tried to learn with HOWTO's, I didnt have the internet at home at > > the time. I printed out maybe 50 pages of various HOWTO's. > > > > When I got home, I found none of them were up to date with the current > > (easy) capabilities of OpenBSD using ipsec.conf and ipsecctl... I > > ended up learning how to do ipsec with just the manuals. > > > > You'd be amazed how easy it went. > > > > On 8/31/07, JosC) Costa <[EMAIL PROTECTED]> wrote: > > > Hello, > > > > > > Anyone knows a really good IPSec howto besides the man pages?