Apologies if this was already sent, I am having difficulty with my email
lately and this didn't look like it sent earlier.
Good morning everyone,
I am wondering if there is a way, either via /etc/ipsec.conf or
/etc/isakmpd/isakmpd.policy, to configure a road warrior type of IPsec
VPN access to my router that accommodates multiple types of IPsec clients
that regrettably have limitations in the auth/enc/DH groups they support.
For instance I am trying to get my IPsec/L2TP tunnel VPN working with
two separate clients that support it, but have weird limitations.
My Android phone only works when I set my ipsec.conf file to something
like the following:
    ike passive esp transport \
        proto udp from XXX.XXX.XXX.XXX to any port 1701 \
        main auth "hmac-sha" enc "aes" group "modp1024" \
        quick auth "hmac-sha" enc "aes" group "modp1024" \
        psk "presharedkey"
But that won't work with my Chromebook which requires:
    ike passive esp transport \
        proto udp from XXX.XXX.XXX.XXX to any port 1701 \
        main auth "hmac-md5" enc "aes" group "modp2048" \
        quick auth "hmac-md5" enc "aes" group "modp2048" \
        psk "presharedkey"
One requires md5 but only with modp2048 while the other might work with
md5, but only with modp1024. If I don't specify these options then
neither works, so I have to, but doing so seems to limit me to one or the
other.
Is there any way I can specify both versions simultaneously? I don't
see anything in the various manpages about being able to allow multiple
transforms.
Any help would be greatly appreciated.
Sly