Hi all,
I have a problem getting a stable IPsec connection running from my OpenBSD
4.1 host to some kind of VPN appliance.

ike active esp from 192.168.27.0/24 to 192.168.0.0/16 \
    local 223.150.201.44 peer 34.123.15.43 \
    main auth hmac-md5 enc 3des group grp2 \
    quick auth hmac-md5 enc aes group modp1024 \
    psk "MySecretPassPhrase"

ipsecctl -s all shows me the flows in and out and the SAD too, and
netstat -rn -f encap shows me a route too. But in /var/log/messages I see
the following:

Jun 15 07:56:15 vpn1 isakmpd[21808]: message_negotiate_sa: no compatible proposal found
Jun 15 07:56:15 vpn1 isakmpd[21808]: dropped message from 34.123.15.43 port 500 due to notification type

And after some minutes (or hours, I don't know exactly) the tunnel has vanished
from netstat -rn -f encap and ipsecctl -s all.
How does the tunnel show up in the routing, and ipsecctl -s all, when "no
compatible proposal found"?
Can I find out, when I start with debug output, what the right proposal
would be?
Kind regards
Sebastian