Using OpenBSD's isakmpd in FreeBSD
Ralf Hornik Mailings
ralf at best.homeunix.org
Thu Jul 17 14:14:16 UTC 2008
Dear List,
I want to switch my routers from openbsd to freebsd and use the port
of isakmpd for my
vpn tunnels. But when I want to use my config from openbsd, isakmpd
doesn't seem to
configure aes in phase I proposal.
The corresponding configentry is:
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= AES-SHA-GRP5-RSA_SIG
starting isakmpd shows up:
ike_phase_1_initiator_send_SA: section [AES-SHA-GRP5-RSA_SIG] has
unsupported attribute(s)
When I use 3des insteed, isakmpd starts without errors. But I MUST
use aes in phase I
because all remote peers use it, I cannot change them all. Has
anybody an idea, why
isakmpd won't use aes in phase I but in phase II?
Thank you and best Regards
Ralf
--
alles bleibt anders...
More information about the freebsd-questions
mailing list