From: Aaron Siegel
To: freebsd-questions@freebsd.org
Date: Fri, 27 Aug 2004 18:19:49 -0600
Message-Id: <200408271819.49729.aj@siegel-tech.net>
Subject: IPSEC Problems

Hello,

I am stumped. I am trying to get a very simple IPSEC tunnel between my laptops and gateway. I cannot seem to get the IKE to authenticate. I have had this working with my other server, which has been moved to a new location. I have a FreeBSD 4.10 Stable server and a 5.2.1 Release. I am aware of the problems with 5.2.1. I am not sure what I am missing. Is there a problem with 4.10 Stable? Both my Windows XP machine and FreeBSD 5.2.1 are able to create a link with my new server; both of these computers were working with my old server. I have been able to set up a link between this computer and my other server.
I have listed my configuration below.

Thank you,
Aaron

Laptop config

/etc/ipsec.conf

    spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P out ipsec esp/tunnel/192.168.245.12-192.168.245.1/require;
    spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P in ipsec esp/tunnel/192.168.245.1-192.168.245.12/require;

I have copied the racoon.conf.dist file to /usr/local/etc/racoon/racoon.conf
I have changed the "life time" parameter to "1 hour"

/usr/local/etc/racoon/psk.txt

    192.168.245.1 Secret Key

Kernel

    options IPSEC
    options IPSEC_ESP
    options IPSEC_DEBUG

Server

/etc/ipsec.conf

    spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P in ipsec esp/tunnel/192.168.245.12-192.168.245.1/require;
    spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P out ipsec esp/tunnel/192.168.245.1-192.168.245.12/require;
    spdadd 192.168.245.15/32 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.245.15-192.168.245.1/require;
    spdadd 0.0.0.0/0 192.168.245.15/32 any -P in ipsec esp/tunnel/192.168.245.1-192.168.245.15/require;

I have copied the racoon.conf.dist file to /usr/local/etc/racoon/racoon.conf
I have changed the "life time" parameter to "1 hour"

/usr/local/etc/racoon/psk.txt

    192.168.245.12 Secret Key
    192.168.245.15 Secret Key

Kernel

    options FAST_IPSEC
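
An added example, not part of the original message: a small consistency check for tunnel-mode spdadd policies like the ones listed above. It assumes each host's own tunnel endpoint is the address used in the post (192.168.245.12 for the laptop, 192.168.245.1 for the server); the function names and issue labels are made up for this example.

```python
import re

# Matches the tunnel-mode spdadd form used in the post's /etc/ipsec.conf files.
SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"(?:esp|ah)/tunnel/([\d.]+)-([\d.]+)/\w+\s*;"
)

def parse_spd(text):
    """Return (src, dst, proto, direction, tunnel_src, tunnel_dst) per policy."""
    return [m.groups() for m in SPD_RE.finditer(text)]

def check_spd(text, local_ip):
    """Return (policy_number, issue) pairs for the host whose endpoint is local_ip."""
    policies = parse_spd(text)
    findings = []
    for n, (src, dst, proto, direction, tsrc, tdst) in enumerate(policies, 1):
        # An outbound tunnel starts at the local endpoint, an inbound one ends there.
        local_end = tsrc if direction == "out" else tdst
        if local_end != local_ip:
            findings.append((n, "direction-mismatch"))
        # Each policy needs its reverse: swapped selectors and swapped endpoints.
        other = "in" if direction == "out" else "out"
        if (dst, src, proto, other, tdst, tsrc) not in policies:
            findings.append((n, "no-reverse-policy"))
    return findings

# Policies copied from the message above.
LAPTOP_CONF = """
spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P out ipsec esp/tunnel/192.168.245.12-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P in ipsec esp/tunnel/192.168.245.1-192.168.245.12/require;
"""
SERVER_CONF = """
spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P in ipsec esp/tunnel/192.168.245.12-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P out ipsec esp/tunnel/192.168.245.1-192.168.245.12/require;
spdadd 192.168.245.15/32 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.245.15-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.15/32 any -P in ipsec esp/tunnel/192.168.245.1-192.168.245.15/require;
"""

if __name__ == "__main__":
    for name, conf, ip in (("laptop", LAPTOP_CONF, "192.168.245.12"),
                           ("server", SERVER_CONF, "192.168.245.1")):
        print(name, check_spd(conf, ip))
```

The check only looks at policy direction and pairing within one file; it says nothing about racoon or the pre-shared keys.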