From owner-freebsd-net@FreeBSD.ORG  Tue Jun 22 15:35:44 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 95804106564A
	for <freebsd-net@freebsd.org>; Tue, 22 Jun 2010 15:35:44 +0000 (UTC)
	(envelope-from vanhu@zeninc.net)
Received: from smtp.zeninc.net (smtp.zeninc.net [80.67.176.25])
	by mx1.freebsd.org (Postfix) with ESMTP id 4E5AE8FC14
	for <freebsd-net@freebsd.org>; Tue, 22 Jun 2010 15:35:44 +0000 (UTC)
Received: from astro.zen.inc (astro.zen.inc [192.168.1.239])
	by smtp.zeninc.net (smtpd) with ESMTP id 3FB052798BC;
	Tue, 22 Jun 2010 17:35:42 +0200 (CEST)
Received: by astro.zen.inc (Postfix, from userid 1000)
	id 2CF8C1702D; Tue, 22 Jun 2010 17:35:42 +0200 (CEST)
Date: Tue, 22 Jun 2010 17:35:42 +0200
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: ralf@dzie-ciuch.pl
Message-ID: <20100622153541.GA72211@zeninc.net>
References: <87260c422232fa7409a4b374341dd106@ewipo.pl>
	<20100622143543.GA72020@zeninc.net>
	<c5781e9db1e6339b5b23c0c403c68d9a@ewipo.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c5781e9db1e6339b5b23c0c403c68d9a@ewipo.pl>
User-Agent: All mail clients suck. This one just sucks less.
Cc: freebsd-net@freebsd.org
Subject: Re:  vpn trouble
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jun 2010 15:35:44 -0000

On Tue, Jun 22, 2010 at 05:11:58PM +0200, ralf@dzie-ciuch.pl wrote:
> 
> Hi,
> 
> Thanks for help
> 
> I new on it and I never use VPN, only I have to do it.
> Please tell me how to check peer's log? I dont know how to check it?

If that's really a firewall-1 as said in comments, I just don't
know....


> Have I change my racoon.conf exchange to aggressive, main?

To just have it work, looks like you should just set "aggressive"
(stilla according to the comment in your configuration !!!).

To have a correct setup with a correct security level, you should
change peer's configuration to use main mode, and just keep "main" as
exchange_mode in racoon's conf !


> I forgot send last time - on the other side is cisco router, maybe this is
> important

Ok, so this is not a firewall-1, but I still don't know how to get the
configuration or how to get logs......


Yvan.