I restart isakmpd on both hosts whenever I change ipsec.conf, and check
that ipsecctl -s sa is empty afterwards. To be sure, I just tried
rebooting both hosts--surely the SAD doesn't persist across reboot--and
I got the same results.
On 2015-12-31 07:34:25 +0000, Philipp Buehler said:
On 31.12.2015 06:56, Julian Hsiao wrote:
How do I configure isakmpd such that phase 2 parameters must also
match on both ends in order to establish security associations?
Just a guess, but do:
echo r > /var/run/isakmpd.fifo
and look into the /var/run/isakmpd.report
My bet is that you had a hmac-md5 configured earlier and did not unload this
before the hmac2 was loaded.
ipsecctl simply ADDs configurations to isakmpd (unless -d), e.g. this:
$ sudo isakmpd -L
$ sudo ipsecctl -f /etc/ipsec.conf
$ sudo vi /etc/ipsec.conf #change to something "lesser"
$ sudo ipsecctl -f /etc/ipsec.conf
Now you have TWO running configurations in isakmpd, both matching proposals.
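A reload sequence that follows the point made above (unload the previously loaded file with ipsecctl -d before loading the edited one, so isakmpd never holds two sets of proposals). This is an added example, not code from the thread; the "<conf>.loaded" copy it keeps to remember what was last loaded is the script's own convention, not an ipsecctl feature.

```shell
#!/bin/sh
# Added example: reload /etc/ipsec.conf without leaving the previous rules
# loaded in isakmpd. ipsecctl -f only ADDs rules, so the file that was loaded
# last time is unloaded with -d first. The "<conf>.loaded" copy that remembers
# the last loaded file is this script's own convention (an assumption), not
# something ipsecctl provides.
IPSECCTL="${IPSECCTL:-ipsecctl}"   # overridable so the function can be exercised with a stub

reload_ipsec() {
    conf="${1:-/etc/ipsec.conf}"
    prev="$conf.loaded"

    # Syntax-check the edited file before touching the running configuration.
    "$IPSECCTL" -n -f "$conf" || { echo "reload_ipsec: $conf has syntax errors" >&2; return 1; }

    # Unload exactly the rules that were loaded last time, if there were any.
    if [ -f "$prev" ]; then
        "$IPSECCTL" -d -f "$prev" || { echo "reload_ipsec: failed to unload $prev" >&2; return 1; }
    fi

    # Load the new rules and remember them for the next reload.
    "$IPSECCTL" -f "$conf" || { echo "reload_ipsec: failed to load $conf" >&2; return 1; }
    cp "$conf" "$prev"
}

# Usage as root on OpenBSD, after editing the file:  reload_ipsec /etc/ipsec.conf
# Afterwards "ipsecctl -s all" should show only the flows/SAs from the new file.
```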