Has anyone got ipsec.conf/ipsecctl to interop with Windows XP? I had this working flawlessly with my isakmpd.conf, but rather like the new syntax and want to switch.
I have it to the point of giving me this message when I start isakmpd with '-K -d -vvv' 090413.992346 Default isakmpd: phase 1 done: initiator id /C=CA/ST=Ontario/L=Sault Ste. Marie/O=Clean North/[EMAIL PROTECTED], responder id c0a82101: 192.168.33.1, src: 192.168.33.1 dst: 192.168.33.151 But no tunnels are created and no more messages are displayed. My ipsec.conf looks like this (tried with and without the 'quick...' line: ike passive esp from any to 0.0.0.0 main auth hmac-sha1 enc 3des-cbc \ quick auth hmac-sha1 enc 3des-cbc \ group modp1024 And the isakmpd.conf (working) it replaces looks like this: [Phase 1] Default= ISAKMP-peer-WI [Phase-1-ID] ID-type= USER_FQDN Name= [EMAIL PROTECTED] [ISAKMP-peer-WI] Phase= 1 Transport= udp Configuration= Default-main-mode ID= Phase-1-ID [Default-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA-RSA [Default-quick-mode] DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-AES-SHA-PFS-SUITE [3DES-SHA-RSA] ENCRYPTION_ALGORITHM= 3DES_CBC HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= RSA_SIG GROUP_DESCRIPTION= MODP_1024 Life= LIFE_28800_SECS [LIFE_28800_SECS] LIFE_TYPE= SECONDS LIFE_DURATION= 28800,600:36000 Is there anyone who knows the magic sauce I'm failing to sprinkle on this setup? I would be grateful for any assistance. Thanks. -Dan -- "Burnished gallows set with red Caress the fevered, empty mind Of man who hangs bloodied and blind To reach for wisdom, not for bread." -- Deoridhe Grimsdaughter