Hello community,

I want to do something like:
http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html

I have:

cat /etc/ipsec.conf

    ike dynamic from any to any \
        main auth hmac-sha1 enc aes group modp1024 \
        quick auth hmac-sha1 enc aes psk secret

ike passive, ike passive esp, ike esp, etc - no results.

Client side: http://www.thegreenbow.com/vpn.html

Server side:

isakmpd -4dKv && ipsecctl -F -f /etc/ipsec.conf:

    143203.134966 Default isakmpd: phase 1 done: initiator id c0a80321: 192.168.3.33, responder id 5851eaa2: XX.XX.XX.XX, src: XX.XX.XX.XX dst: YY.YY.YY.YY
    143203.154202 Default responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id c0a80321: 192.168.3.33, responder id 0a010100/ffffff00: 10.1.1.0/255.255.255.0
    143203.154348 Default dropped message from YY.YY.YY.YY port 59312 due to notification type NO_PROPOSAL_CHOSEN
    143210.166313 Default responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id c0a80321: 192.168.3.33, responder id 0a010100/ffffff00: 10.1.1.0/255.255.255.0

In this case I'm not alone:
http://marc.info/?l=openbsd-misc&m=118429600703803&w=2
http://marc.info/?l=openbsd-misc&m=118434909801312&w=2

Parts from /etc/pf.conf relating to Subj:

    scrub in no-df
    pass in on $ext_if proto udp to ($ext_if) port { 500 4500 }
    pass in on $ext_if proto esp to ($ext_if)
    pass on enc0

Any ideas? Thoughts? Or maybe I just missed something?

I sincerely appreciate any assistance. Thank you.

PS: http://www.thegreenbow.com/vpn_faq.html - done, no results.
http://www.allard.nu/openbsd/ - done, no results.

PS2: Tried with different algorithms: 3des, aes, etc - no results.

System: OpenBSD 4.1-stable.

My continued thanks for any assistance,

--
Sergey Prysiazhnyi
