From ec17add7bc79551b55da5b3f390fa5e620127244 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Tue, 1 Jul 2008 15:00:55 +0000 Subject: Isakmpd acquire mode did not work with a config generated from ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd --- regress/sbin/ipsecctl/ikefail6.ok | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'regress/sbin/ipsecctl/ikefail6.ok') diff --git a/regress/sbin/ipsecctl/ikefail6.ok b/regress/sbin/ipsecctl/ikefail6.ok index 373f800c289..d71e7b12eea 100644 --- a/regress/sbin/ipsecctl/ikefail6.ok +++ b/regress/sbin/ipsecctl/ikefail6.ok @@ -2,13 +2,13 @@ ipsecctl: illegal transform aes C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force C set [peer-2.2.2.2]:Phase=1 force C set [peer-2.2.2.2]:Address=2.2.2.2 force -C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force -C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force -C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force -C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force -C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force -C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force -C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force -C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force -C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force -C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH- \ No newline at end of file +C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force +C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force +C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force +C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force +C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force +C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force +C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force +C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH- \ No newline at end of file -- cgit v1.2.3