Date: Tue, 22 Jun 2010 16:35:43 +0200
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: ralf@dzie-ciuch.pl
Cc: freebsd-net@freebsd.org
Subject: Re: vpn trouble
Message-ID: <20100622143543.GA72020@zeninc.net>
In-Reply-To: <87260c422232fa7409a4b374341dd106@ewipo.pl>
References: <87260c422232fa7409a4b374341dd106@ewipo.pl>

On Tue, Jun 22, 2010 at 03:59:50PM +0200, ralf@dzie-ciuch.pl wrote:
>
> Hi,

Hi.

> I try to configure VPN over my server and my client
[....]

According to your racoon's debug (and confirmed by tcpdump), racoon
tries to initiate a phase1 negotiation, but never gets any answer from
peer, so you may start by checking peer's logs, and/or compare both
configurations.

[....]
> exchange_mode main, aggressive; # For Firewall-1 Aggressive mode

If that comment in your racoon.conf is right, this is probably your
(first ?) configuration issue: as initiator, racoon will use the first
listed mode, so it will try a main mode negotiation here.

Note that, if you have complete access to configurations, aggressive
mode has a lower security level than main mode, so should be avoided
when main mode can also be used !

Yvan.
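
A small checker for the point made in the reply above, added here as an example and not part of the original message or of racoon itself: it reads the `remote` blocks of a racoon.conf and reports which phase 1 mode racoon will use as initiator (the first one listed) and whether aggressive mode is accepted at all. The sample configuration, peer addresses and function names are constructed for illustration.

```python
import re

# Constructed sample; 192.0.2.0/24 is a documentation address range.
SAMPLE_CONF = """
remote 192.0.2.10 {
        exchange_mode main, aggressive;   # For Firewall-1 Aggressive mode
        proposal {
                encryption_algorithm 3des;
        }
}
remote 192.0.2.20 [500] {
        exchange_mode aggressive, main;
}
remote anonymous {
        exchange_mode main;
}
"""

REMOTE_RE = re.compile(r"^\s*remote\s+(\S+)[^{]*\{", re.M)
MODE_RE = re.compile(r"\bexchange_mode\s+([^;]+);")

def block_body(text, start):
    """Return the body of the brace block that opens just before `start`."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in configuration")

def audit(conf):
    """List each remote block with its initiator mode and aggressive flag."""
    text = re.sub(r"#.*", "", conf)  # drop comments (assumes no '#' in strings)
    findings = []
    for m in REMOTE_RE.finditer(text):
        mode = MODE_RE.search(block_body(text, m.end()))
        modes = [x.strip() for x in mode.group(1).split(",")] if mode else []
        findings.append({
            "peer": m.group(1),
            # As initiator, racoon uses the first listed mode.
            "initiator_mode": modes[0] if modes else None,
            "accepts_aggressive": "aggressive" in modes,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print(f)
```
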