After changing the policy to: KeyNote-Version: 2 Comment: This policy accepts ESP SAs from a remote that uses the right password $OpenBSD: policy,v 1.6 2001/06/20 16:36:19 angelos Exp $ $EOM: policy,v 1.6 2000/10/09 22:08:30 angelos Exp $ Authorizer: "POLICY" Licensees: "passphrase:keinpasswort" #Conditions: app_domain == "IPsec policy" && # esp_present == "yes" && # esp_enc_alg == "aes" && # esp_auth_alg == "hmac-sha" -> "true"; i get another error: bruehe:/etc/isakmpd# isakmpd -d 104948.995307 Default pf_key_v2_flow: SPDADD: Invalid argument (on both sides) what am I missing now? Nico Jean-Francois Dive [Wed, Aug 27, 2003 at 07:35:48AM +0200]: > The kernel changes have nothing to do wit this, this is SA negotiation > issue (purely process level). When i updated the debian package, i > noticed that sometime the keynote policy check failed for no reason. Try > to define an accept all in the policy file and it should work properly, > this as a workaround. when will you fix it ? :) Nico
Attachment:
pgp00088.pgp
Description: PGP signature
