#2, 7th September 2009
jggimi (More noise than signal)
1. OpenBSD 4.3 is unsupported. 4.4 will lose support on October 1, when 4.6 is released.

2. Each OpenBSD system you are running already has a public/private key pair for use with isakmpd. It got created by rc(8) the very first time the OS was run in multi-user mode. (At 4.5, which you are not running, the key length was increased to 2048 bits.) See /etc/rc for the specific openssl command, which used the genrsa option. If you delete the key pair you manually recreated, and just reboot, /etc/rc will recreate the key pair(s). It is possible your manual activity has produced an incorrect or inappropriate key.

3. Make sure you're using the remote IP address for the name of the public key half, e.g., for Network A (at 1.2.3.4) that communicates with Network B (at 5.6.7.8), the public key-half obtained from B should be stored in /etc/isakmpd/pubkeys/ipv4/5.6.7.8 -- I mention it because that is not completely clear from your problem description. And, confirm the content is the public key that matches what is in Network B's /etc/isakmpd/local.pub file. Lastly, be sure the file is named "5.6.7.8" and not placed in a *directory* named 5.6.7.8. It may be obvious, but I've had a conversation with at least one other person who misunderstood and instead had something like /etc/isakmpd/pubkeys/ipv4/5.6.7.8/local.pub -- that can't work.
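An added check for point 3 above (example script, not part of jggimi's post): it verifies that the peer's public key is stored as a regular file named after the peer's IPv4 address under pubkeys/ipv4/ rather than as a directory, and that its content matches a copy of the peer's local.pub. The ISAKMPD_ROOT variable is an assumed override so the check can be run against a scratch tree; on a real system it defaults to /etc/isakmpd.

```shell
#!/bin/sh
# Example check for the isakmpd public-key layout described in the post.
# Not from the post; ISAKMPD_ROOT is an assumed override, defaulting to /etc/isakmpd.
#
# Usage: check_isakmpd_pubkey <peer-ipv4> <copy-of-peer-local.pub>
# Return codes: 0 ok, 2 path is a directory, 3 file missing, 4 content mismatch.
check_isakmpd_pubkey() {
    peer_ip=$1
    expected_pub=$2
    root=${ISAKMPD_ROOT:-/etc/isakmpd}
    keyfile="$root/pubkeys/ipv4/$peer_ip"

    # The common mistake: a directory named after the peer with local.pub inside.
    if [ -d "$keyfile" ]; then
        echo "ERROR: $keyfile is a directory; isakmpd expects a file named $peer_ip" >&2
        return 2
    fi
    if [ ! -f "$keyfile" ]; then
        echo "ERROR: $keyfile does not exist" >&2
        return 3
    fi
    # The stored key half must be byte-for-byte the peer's local.pub.
    if ! cmp -s "$keyfile" "$expected_pub"; then
        echo "ERROR: $keyfile does not match $expected_pub" >&2
        return 4
    fi
    echo "OK: $keyfile is a regular file matching the peer's local.pub"
    return 0
}
```

Run it on each gateway with the other side's local.pub as the second argument; a non-zero exit names which of the three layout mistakes is present.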