Date: Mon, 30 Apr 2001 23:07:43 +1000
From: David Turnbull <idiotchild@ozemail.com.au>
To: freebsd-questions@freebsd.org
Subject: IPSEC and FreeBSD 4.3
Message-ID: <20010430230743.A28837@mr.dave>

i've been trying to configure an ipsec network with a friend, who runs
linux + FreeS/WAN. so far we've got most of it (i think) working except
a routing problem. when it tries to get the ipsec-sa it times out and
his logs say "route-host command exited with status 7".

now, as soon as i enter my SPD configuration with setkey -c, we can't
ping each other like normal, and i think this is the issue.

here is some config info that might be relevant:

spdadd 216.126.136.108/32 210.84.119.238/32 any -P in ipsec
        esp/transport//require ;
spdadd 210.84.119.238/32 216.126.136.108/32 any -P out ipsec
        esp/transport//require ;

/usr/local/etc/racoon/racoon.conf:

path pre_shared_key "/usr/local/etc/racoon/psk.txt";
log debug4;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

remote anonymous
{
        exchange_mode main,aggressive;
        lifetime time 28800 sec;        # sec,min,hour
        lifetime byte 100 MB;           # B,KB,GB
        initial_contact on;
        # my_identifier fqdn "right";

        proposal {
                encryption_algorithm 3des;
                hash_algorithm hmac_sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

# phase 2 proposal (for IPsec SA).
sainfo anonymous
{
        lifetime time 12 hour;
        #lifetime time 3 minute;
        lifetime byte 50 MB;
        encryption_algorithm 3des, cast128, des;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}

am i right in thinking that my config is ok, and that the FreeS/WAN
config is broken?

thanks,
dave