On Fri, Aug 29, 2008 at 11:02:18PM +0000, Stuart Henderson wrote: > Now someone would like to add a device which (like some other devices > connecting to this machine) is not on a fixed address so it needs to > use the "to any" rule. Though it supports AES in phase 2, only DES or > 3DES are permitted in phase 1 (which of course is already set to AES > on other devices).
just checked isakmpd.conf(5), it says you can have a list of proposed transforms (instead of just one). but i do recall for certain that i NEVER got that to work. any list of anything, i never got to work; transform lists, the thing where you're supposed to be able to specify a range of time/byte durations, etcetc.... :/ -- jared
