[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd question

To: misc@openbsd.org
Subject: Re: isakmpd question
From: Waldemar Brodkorb <wbx@openbsd.de>
Date: Wed, 1 Sep 2004 13:33:27 +0200
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
References: <1094036486.13336.115.camel@localhost>
User-Agent: Mutt/1.5.6i

Hi,
Wolfgang Pichler wrote,

> hi all,
> 
> i am trying to get a vpn tunnel to a Checkpoint NG FP3 working.
> 
> They are using:
> Phase 1:
>  - AES-256
>  - SHA1
>  - DH Group 2
>  - Authentication Shared
>  - no aggressive Mode
> 
> Phase 2:
>  - AES-128
>  - SHA1
>  - Lifetime 3600sec
>  - no ip compression
>  - PFS
>  - DH Group 2
>  - Key Exchange for Subnets
> 
> i am getting this error message:
> exchange_run: doi->initiator (0x3c12b000) failed
> and the tunnel don't gets established

I do not know why this happens, but I yesterday encountered the same
problem with OpenBSD 3.5 as Client. Server is OpenS/WAN 2.2 which
accepts 3DES and AES in Phase1 and Phase2. 
3DES works fine, but AES fails with the same problem.
Other Clients like racoon are working fine with AES, so I think
its a configuration mistake or bug in isakmpd.

I will try a snapshot as soon I get to the machine again.

good luck
    Waldemar

Follow-Ups:
- Re: isakmpd question
  - From: "Peter Galbavy" <peter.galbavy@knowtion.net>

References:
- isakmpd question
  - From: Wolfgang Pichler <madmin@dialog-telekom.at>

Prev by Date: [OT OBSD Programming] kill cu processes
Next by Date: Наша цель научить всю Россию еще ближе!МЫШЛЕНИЕ ПРОИЗНОШЕНИЕ СТИЛЬ РЕЧИ rlryg
Prev by thread: isakmpd question
Next by thread: Re: isakmpd question
Index(es):
- Date
- Thread