On 2007/04/24 15:49, Steven Surdock wrote:
quoted text
> Steven Surdock wrote:
> > Greetings, I recently converted from isakmpd.conf to ipsec.conf and I
> > seem to be having problem bringing up a second tunnel to a PIX.  It
> > _appears_ that the OBSD side is trying to use the default hmac
> > (sha2_256) even though it is configured to use md5 for the second
> > tunnel.  Oddly, the first tunnel comes up fine.  Any insight or
> > trouble-shooting tips would be appreciated.  BTW, Is there
> > anyway to see
> > what flows have been "configured"?  "ipsecctl -sf" seemed to
> > only show a
> > flow when phase I was complete.
> >
> 
> No answers?  Rats!  Can anyone confirm that they have multiple tunnels
> using ipsec.conf to a non-OBSD box with non-OBSD-default IPSec
> auth/encryption?  Otherwise I guess I'll have to experiment more...

Are auth/encryption the same for both tunnels? I believe that may
be necessary for main mode.

You can check that ipsec.conf is being parsed how you expect with
'ipsecctl -nvf /etc/ipsec.conf' (it will output the generated
isakmpd.conf-style sections which are fed to isakmpd's fifo);
this may give some clues.