I'm trying to set up an IPsec tunnel between an OpenBSD and a Windows box using X.509 certificates. Phase 1 gets successfully negotiated, but then things crap out at step 1 of phase 2 and I don't have a clue what's wrong. Any thoughts?
Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf are as follows:

ipsec.conf:

ike dynamic esp tunnel from 192.168.0/8 to any \
        srcid home dstid work
ike dynamic esp tunnel from any to 192.168.0/8 \
        srcid work dstid home

isakmpd output using 'isakmpd -KvdD A=50':

191751.046228 Timr 10 timer_add_event: event exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200), expiration in 120s
191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 0
191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3 rcookie 8e784c12cb6b04bd
191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list
191751.052677 Cryp 50 crypto_init_iv: initialized IV:
191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567
191751.055068 Cryp 30 crypto_encrypt: before encryption:
191751.057166 Cryp 30 0b000018 68790ed1 9f0d6417 66838f05 de3393d7 9ec6dcb3 00000020 00000001
191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd 00003340 00000000 00000000
191751.060004 Cryp 30 crypto_encrypt: after encryption:
191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3 9f0d19e6 624ee717 c65f1486
191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea 0bf57a7f d8c817ce 070b8719
191751.064686 Cryp 50 crypto_update_iv: updated IV:
191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719
191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step 0, advancing...
191751.069968 Timr 10 timer_add_event: event dpd_check_event(0x85229200) added before connection_checker(0x8522a060), expiration in 5s
191751.072222 Exch 10 exchange_finalize: 0x7df9b500 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 1
191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3 rcookie 8e784c12cb6b04bd
191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list
191751.076166 Timr 10 timer_remove_event: removing event exchange_free_aux(0x7df9b500)
191751.077610 Mesg 20 message_free: freeing 0x7df9e000
191756.083274 Timr 10 timer_handle_expirations: event dpd_check_event(0x85229200)
191756.084314 Mesg 10 dpd_check_event: peer not responding, retry 2 of 5