Hi, thanks for answering to Mitja and you.

On Sat, 07.03.2009 at 19:28:09 +0100, Heinrich Rebehn <reb...@ant.uni-bremen.de> wrote:
> On 06.03.2009 at 22:56, Toni Mueller wrote:
>> 223644.842092 Plcy 30 keynote_cert_obtain: failed to open "/etc/
>> isakmpd/keynote//u...@road-warrior/credentials"
>> 223644.842516 Default get_raw_key_from_file: monitor_fopen ("/etc/
>> isakmpd/pubkeys//ufqdn/u...@road-warrior", "r") failed: Permission
>> denied
>
> ?? Permission denied? Could this be the problem?

No, it couldn't. These files don't exist.

I was able to find my own errors so far, so that now the correct certificate gets used. This is what I have, and had, for several years now. The problem was a missing semicolon in isakmpd.policy.

I still get "no policy" errors while in state "INFO encrypted", which are imho hard to debug. If anyone has tips to share, I'd be very grateful.

What I want to achieve (from my isakmpd.policy):

    Conditions: app_domain == "IPsec policy" &&
                esp_present == "yes" &&
                esp_enc_alg == "aes" &&
                phase_1 == "main" &&
                phase1_group_desc == "5" &&
                esp_encapsulation == "tunnel" &&
                ah_present == "no" &&
                esp_auth_alg == "hmac-sha2-512" &&
                esp_key_length == "256" &&
                pfs == "yes" &&
                some-checks-on-the-remote-ids -> "true";

But I don't know if Linux supports them all. OpenBSD <-> OpenBSD worked just fine...

Kind regards,
--Toni++