On Fri, Dec 17, 2004 at 11:29:52AM +0100, Emmanuel Dreyfus wrote:
> 
> Using the patch below, I was able to establish a phase 2 SA with
> rijndael-cbc between ipsec-tools racoon and KAME racoon (both hosts
> running NetBSD). Does that fix the issue for you?  
> 

A similar change I made fixed my AES problems.

Still can't get over this though (with Cisco vpn-client 4.0.5(c)):

 ERROR: Hybrid auth negotiated but peer did not succeed Xauth
 exchange

But that's probably some mistake I've made in the configuration. 

-- 
jht