Hello All,
is actually OpenBSD 4.8 not OpenBSD 5.5, I apologize for the mistake.
I still get the exchange_run: doi->initiator error, not even sure what
to look for.
Thanks,
Motty
On 01/16/2015 01:16 PM, mxb wrote:
Hey,
You probably want to start with ipsec.conf(5).
isakmpd.conf is generated out of ipsec.conf.
I think people running 5.4+ don’t even use it any more.
Br
//mxb
On 16 jan 2015, at 21:22, Motty Cruz <motty.c...@gmail.com> wrote:
Hello All,
I'm trying to setup IPSec Tunnel using the following parameters.
Phase 1
exchange encryption: AES256
Data Integrity: SHA256
DH: group 20
Agressive Mode
phase 2
encryption: AESGCM256
HASH: SHA384
I can't find examples to configure isakmpd.conf using parameters above.
[fw2-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= AES256-SHA2-GRP20
[fw2-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AESGCM-SHA2-SUITE
[QM-ESP-AESGCM-256-SHA2-SUITE]
TRANSFORM_ID= AESGCM
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA2
GROUP_DESCRIPTION= EC_384
Life= LIFE_3600_SECS
using this configuration I get the following error:
isakmpd[30247]: exchange_run: doi->initiato
Thanks in advance,
-Motty