Date: Thu, 17 Jul 2008 16:00:27 +0200 From: "Ralf Hornik Mailings" <ralf@best.homeunix.org> To: freebsd-questions@freebsd.org Subject: Using OpenBSD's isakmpd in FreeBSD Message-ID: <20080717160027.13371z3sdsm60z9c@www.ralf-hornik.de>
next in thread | raw e-mail | index | archive | help
Dear List, I want to switch my routers from openbsd to freebsd and use the port of isakmpd for my vpn tunnels. But when I want to use my config from openbsd, isakmpd doesn't seem to configure aes in phase I proposal. The corresponding configentry is: [Default-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= AES-SHA-GRP5-RSA_SIG starting isakmpd shows up: ike_phase_1_initiator_send_SA: section [AES-SHA-GRP5-RSA_SIG] has unsupported attribute(s) When I use 3des insteed, isakmpd starts without errors. But I MUST use aes in phase I because all remote peers use it, I cannot change them all. Has anybody an idea, why isakmpd won't use aes in phase I but in phase II? Thank you and best Regards Ralf -- alles bleibt anders...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080717160027.13371z3sdsm60z9c>