John Jackson wrote:
It may also be worth noting that Debian has OpenBSD's isakmpd packaged,
'apt-get install isakmpd'. I've had success using isakmpd on Debian to
create VPNs between OpenBSD and Debian gateways.
Here is where I am now:
Openswan's side:
conn lncjakarta-lncha
    leftsubnet=192.168.9.0/24
    left=LINUX_IP
    right=BSD_IP
    rightsubnet=10.50.0.0/24
    authby=secret
    auto=start
    pfs=yes
    ike=aes128-sha1-modp1024
    esp=3des-sha1-96
BSD side:
ike esp tunnel from 10.50.0.0/24 to 192.168.9.0/24 peer LINUX_IP \
    main auth hmac-sha1 enc aes group modp1024 \
    quick auth hmac-sha2-256 enc aes group modp1024 \
    psk "MYPSK"
Now the log shows:
Linux side:
STATE_MAIN.....
STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xdb08bdcf <0x57b31855 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
The VPN apparently seems to be up, but I am getting messages such as:
Quick Mode message is for a non-existent (expired?) ISAKMP SA
BSD side:
Default transport_send_messages: giving up on exchange IPsec-10.50.0.0/24-192.168.9.0/24, no response from peer LINUX_IP:500
Any hint?
Thanks