IPsec and racoon in tunnel-mode
Hello,
possibly someone can help me. I'm trying to secure a connection between two
hosts. I've configured setkey:
-----------------------------------------------------------------------
# /usr/sbin/setkey -f
# Flush the SAD and SPD
flush;
spdflush;

# Outbound policy: ESP and AH in transport mode, both required
spdadd 192.168.1.10[any] 192.168.1.12[any] any -P out ipsec
    esp/transport/192.168.1.10-192.168.1.12/require
    ah/transport/192.168.1.10-192.168.1.12/require;

# Inbound policy: ESP and AH in transport mode, both required
spdadd 192.168.1.12[any] 192.168.1.10[any] any -P in ipsec
    esp/transport/192.168.1.12-192.168.1.10/require
    ah/transport/192.168.1.12-192.168.1.10/require;
-----------------------------------------------------------------------
and racoon.conf
-----------------------------------------------------------------------
remote 192.168.1.12
{
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo address 192.168.1.0/24 any address 192.168.1.0/24 any {
    pfs_group modp768;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
-----------------------------------------------------------------------
after starting racoon and trying to ping the other host, I get these messages
and no connection:
2004-03-12 22:58:19: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey ACQUIRE message
2004-03-12 22:58:19: DEBUG: pfkey.c:1548:pk_recvacquire(): suitable outbound SP found: 192.168.1.12/32[0] 192.168.1.10/32[0] proto=any dir=out.
2004-03-12 22:58:19: DEBUG: policy.c:183:cmpspidxstrict(): sub:0xbffff480: 192.168.1.10/32[0] 192.168.1.12/32[0] proto=any dir=in
2004-03-12 22:58:19: DEBUG: policy.c:184:cmpspidxstrict(): db :0x809f490: 192.168.1.10/32[0] 192.168.1.12/32[0] proto=any dir=in
2004-03-12 22:58:19: DEBUG: pfkey.c:1564:pk_recvacquire(): suitable inbound SP found: 192.168.1.10/32[0] 192.168.1.12/32[0] proto=any dir=in.
2004-03-12 22:58:19: DEBUG: pfkey.c:1603:pk_recvacquire(): new acquire 192.168.1.12/32[0] 192.168.1.10/32[0] proto=any dir=out
2004-03-12 22:58:19: ERROR: pfkey.c:1633:pk_recvacquire(): failed to get sainfo.
can someone help me please?
what have I done wrong?
thx
Frank