Hi,
I have set up a VPN from my OpenBSD box (4.1-current) to our company
WatchGuard X700. My problem is that the re-keying isn't always working
and my tunnel does not come up if I send traffic to the destination
network. I must manually restart the isakmpd and then start the tunnel
by using ipsecctl -f /etc/ipsec.conf. I see some strange errors in my
/var/log/messages even when the tunnel is up. What do these errors mean?
Aug 9 01:52:40 voldemort isakmpd[20491]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 9 02:02:07 voldemort isakmpd[20491]: sendmsg (20, 0x7f7ffffe3ba0, 0): No buffer space available
Aug 9 02:02:07 voldemort isakmpd[20491]: transport_send_messages: giving up on exchange IPsec-MY_EXTERNAL_IP-PEER_EXTERNAL_IP, no response from peer PEER_EXTERNAL_IP:500
Aug 9 02:02:07 voldemort isakmpd[20491]: sendmsg (20, 0x7f7ffffe3ba0, 0): No buffer space available
Aug 9 02:02:07 voldemort isakmpd[20491]: transport_send_messages: giving up on exchange IPsec-MY_EXTERNAL_IP-194.25.138.0/24, no response from peer PEER_EXTERNAL_IP:500
Aug 9 02:04:07 voldemort isakmpd[20491]: transport_send_messages: giving up on exchange IPsec-MY_EXTERNAL_IP-PEER_EXTERNAL_IP, no response from peer PEER_EXTERNAL_IP:500
Aug 9 02:04:07 voldemort isakmpd[20491]: transport_send_messages: giving up on exchange IPsec-MY_EXTERNAL_IP-194.25.138.0/24, no response from peer PEER_EXTERNAL_IP:500
Aug 9 02:06:07 voldemort isakmpd[20491]: transport_send_messages: giving up on exchange IPsec-MY_EXTERNAL_IP-PEER_EXTERNAL_IP, no response from peer PEER_EXTERNAL_IP:500
Aug 9 02:06:07 voldemort isakmpd[20491]: transport_send_messages: giving up on exchange IPsec-MY_EXTERNAL_IP-194.25.138.0/24, no response from peer PEER_EXTERNAL_IP:500
Aug 9 02:07:56 voldemort isakmpd[20491]: sendmsg (20, 0x7f7ffffe3ba0, 0): No buffer space available
Aug 9 02:07:56 voldemort isakmpd[20491]: sendmsg (20, 0x7f7ffffe3ba0, 0): No buffer space available
MY_EXTERNAL_IP
My ipsec.conf looks like this:
ike esp from $ext_IP to $peer_GW
ike esp from $ext_IP to $peer_LAN peer $peer_GW
ike esp from $int_LAN to $peer_LAN \
        peer $peer_GW \
        main auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des group none \
        psk "XXXX"
Any help is highly appreciated.
Cheers,
James