On 2007/04/24 15:49, Steven Surdock wrote:
> Steven Surdock wrote:
> > Greetings, I recently converted from isakmpd.conf to ipsec.conf and I
> > seem to be having a problem bringing up a second tunnel to a PIX. It
> > _appears_ that the OBSD side is trying to use the default hmac
> > (sha2_256) even though it is configured to use md5 for the second
> > tunnel. Oddly, the first tunnel comes up fine. Any insight or
> > trouble-shooting tips would be appreciated. BTW, is there any way to
> > see what flows have been "configured"? "ipsecctl -sf" seemed to only
> > show a flow when phase I was complete.
> >
>
> No answers? Rats! Can anyone confirm that they have multiple tunnels
> using ipsec.conf to a non-OBSD box with non-OBSD-default IPSec
> auth/encryption? Otherwise I guess I'll have to experiment more...

Are auth/encryption the same for both tunnels? I believe that may be necessary for main mode. You can check that ipsec.conf is being parsed how you expect with 'ipsecctl -nvf /etc/ipsec.conf' (it will output the generated isakmpd.conf-style sections which are fed to isakmpd's fifo); this may give some clues.

