On 2010/11/27 23:47, Andrea Parazzini wrote: > On Fri, 26 Nov 2010 12:58:09 +0000 (UTC), Stuart Henderson> > <[email protected]> wrote: > > isakmpd.policy(5), and have some aspirin ready for the inevitable > > headache. > > > Stuart is right. > I tried to play with isakmpd.policy and it's rather complicated. > Reading the manuals again I noticed the -a option of isakmpd. > So my new configuration could be the following: > > /etc/rc.conf.local > ipsec=YES > isakmpd_flags="-a -K -v" > > /etc/ipsec.conf > ike active esp tunnel \ > from 10.1.0.0/16 to 192.168.90.0/24 \ > local A.B.C.D peer W.X.Y.Z \ > main auth hmac-sha1 enc 3des group modp1024 \ > quick auth hmac-sha1 enc 3des group modp1024 \ > psk "PRESHAREDKEY" > flow esp from 0.0.0.0/0 to 192.168.90.0/24 \ > local A.B.C.D peer W.X.Y.Z > > It might work? What do you think?
Hmm, yes it might do. If you test and find out, please let misc@ know :)
