On Tue, Apr 29, 2008 at 08:56:57PM -0400, Christopher Sean Hilton wrote:
> Hi,
>
> I'm trying to connect a Netgear FVS114 to my OpenBSD 4.2 machine. I seem to
> be stuck getting the following three error lines when I use isakmpd -K -d
>
> 205022.882116 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
> 205022.882456 Default message_negotiate_sa: no compatible proposal found
> 205022.882710 Default dropped message from 76.252.200.204 port 500 due to
> notification type NO_PROPOSAL_CHOSEN
>
> I'm assuming that the problem is that OpenBSD is insisting on using RSA_SIG
> for authentication and my Netgear box want to use PRE_SHARED keys. While I
> want to have RSA authentication in the long run it's quite a lot of steps
> and I'd like to have an intermediate configuration with pre shared keys.
>
> How do I configure that in isakmpd?
If you are using ipsec.conf(5), see "psk".
If you are using isakmpd.conf, and for some reason can't/don't want to
switch to the much nicer ipsec.conf(5), see isakmpd.conf(5),
"Authentication" under "ISAKMP-peer".
If neither of the above is helpful, feel free to send your
configuration...
Joachim
--
TFMotD: sha1 (1) - calculate a message-digest fingerprint (checksum) for
a file
