From owner-freebsd-net@FreeBSD.ORG Tue Jun 22 15:12:07 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F783106566B for ; Tue, 22 Jun 2010 15:12:07 +0000 (UTC) (envelope-from ralf@dzie-ciuch.pl) Received: from mail.ewipo.pl (mail.ewipo.pl [94.23.240.128]) by mx1.freebsd.org (Postfix) with ESMTP id E40848FC1C for ; Tue, 22 Jun 2010 15:12:06 +0000 (UTC) Received: from mail.ewipo.pl (localhost [127.0.0.1]) by mail.ewipo.pl (Postfix) with ESMTP id ACE272291B; Tue, 22 Jun 2010 17:11:59 +0200 (CEST) X-Virus-Scanned: amavisd-new at wrealizacji.pl Received: from mail.ewipo.pl ([127.0.0.1]) by mail.ewipo.pl (mail.ewipo.pl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xi72rnPnkfG1; Tue, 22 Jun 2010 17:11:58 +0200 (CEST) Received: by mail.ewipo.pl (Postfix, from userid 80) id 2236722919; Tue, 22 Jun 2010 17:11:58 +0200 (CEST) To: VANHULLEBUS Yvan X-PHP-Script: poczta.wrealizacji.pl/index.php for 89.250.193.50 MIME-Version: 1.0 Date: Tue, 22 Jun 2010 17:11:58 +0200 From: In-Reply-To: <20100622143543.GA72020@zeninc.net> References: <87260c422232fa7409a4b374341dd106@ewipo.pl> <20100622143543.GA72020@zeninc.net> Message-ID: X-Sender: ralf@dzie-ciuch.pl User-Agent: EWIPO Webmail/0.3.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Cc: freebsd-net@freebsd.org Subject: Re: vpn trouble X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jun 2010 15:12:07 -0000 Hi, Thanks for help I new on it and I never use VPN, only I have to do it. Please tell me how to check peer's log? I dont know how to check it? Have I change my racoon.conf exchange to aggressive, main? I forgot send last time - on the other side is cisco router, maybe this is important Regards Ralf On Tue, 22 Jun 2010 16:35:43 +0200, VANHULLEBUS Yvan wrote: > On Tue, Jun 22, 2010 at 03:59:50PM +0200, ralf@dzie-ciuch.pl wrote: >> >> Hi, > > Hi. > > >> I try to configure VPN over my server and my client > [....] > > According to your racoon's debug (and confirmed by tcpdump), racoon > tries to initiate a phase1 negociation, but never gets any answer from > peer, so you may start by checking peer's logs, and/or compare both > configurations. > > [....] >> exchange_mode main, aggressive; # For Firewall-1 Aggressive mode > > If that comment in your racoon.conf is right, this is probably your > (first ?) configuration issue: as initiator, racoon will use the first > listed mode, so it will try a main mode negociation here. > > Note that, if you have complete access to configurations, aggressive > mode has a lower security level than main mode, so should be avoided > when main mode can also be used ! > > > Yvan. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"