From owner-freebsd-net@FreeBSD.ORG Thu Jun 12 01:06:51 2003
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4063A37B401 for ; Thu, 12 Jun 2003 01:06:51 -0700 (PDT)
Received: from mail.sandilands.vu (CPE-144-132-178-155.nsw.bigpond.net.au [144.132.178.155]) by mx1.FreeBSD.org (Postfix) with ESMTP id 87E3343FBD for ; Thu, 12 Jun 2003 01:06:46 -0700 (PDT) (envelope-from peter@sandilands.vu)
Received: from wxp ([192.168.100.28]) by mail.sandilands.vu (8.11.6/8.11.6) with ESMTP id h5C85cb27220 for ; Thu, 12 Jun 2003 18:05:39 +1000 (EST) (envelope-from peter@sandilands.vu)
From: "Peter Sandilands"
Organization: Better Development Skills Pty Ltd
To: freebsd-net@freebsd.org
Date: Thu, 12 Jun 2003 18:08:11 +1000
MIME-Version: 1.0
Message-ID: <3EE8C18B.3263.5BFB1F8@localhost>
Priority: normal
X-mailer: Pegasus Mail for Windows (v4.11)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Subject: FBSD 4.8 + IPSEC + Racoon to D-Link Dl804V Any experiences?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Thu, 12 Jun 2003 08:06:51 -0000

Hi,

Trying to finish off setting up a VPN (ESP tunnel mode) between a FreeBSD 4.8 box and a D-Link router Dl-804V. After much fiddling and configuring I have a setup that works as long as I establish the tunnel from the D-Link end. All then works fine from a VPN standpoint. I cannot seem to provoke the tunnel into action from the LAN behind the FreeBSD box.

I have tried with the distributed version of racoon.conf and have most success with a purpose-crafted version. Running racoon in the foreground with -v and -d provides me with LOTS of info :-) Not all of which is easy to follow. Adding -l and logging to a file provides even more info.

From what I can see, the FreeBSD box starts a Phase 1 IKE SA in aggressive mode, builds the packet, and sends it to the other end. It then re-sends the packet and keeps doing that. I don't see any message labelled as "error" by racoon.

All I seem able to set at the D-Link is pre-shared or manual key (using pre-shared), use DES or 3DES, use perfect forward secrecy or not, and what they call Key Life (defaults to 3600) and IKE Life Time (defaults to 28800 sec).

Anyone done this before? Any pointers on where I can look further? I have trawled the web pretty extensively.

regards
Pete
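Added example (editor's illustration, not part of Pete's post and not a configuration from the racoon project or D-Link): a minimal racoon.conf plus the matching setkey policy for the setup described above, i.e. ESP tunnel mode, pre-shared key, 3DES, PFS on, Phase 2 lifetime 3600 sec and Phase 1 lifetime 28800 sec. All addresses, subnets and file paths are constructed placeholders, and the DH group is an assumption because the D-Link's menu described above does not expose it.

```conf
# --- /usr/local/etc/racoon/racoon.conf (path assumed: racoon from the ports tree) ---
# Constructed addresses: 203.0.113.1 = D-Link WAN side, 198.51.100.2 = FreeBSD
# external interface, 192.168.100.0/24 = LAN behind FreeBSD, 192.168.1.0/24 = LAN
# behind the D-Link.

path pre_shared_key "/usr/local/etc/racoon/psk.txt";   # line format: "203.0.113.1  <secret>"
log debug;                                             # same detail as -d, but to syslog

listen {
    isakmp 198.51.100.2 [500];
}

# Phase 1 (ISAKMP SA) towards the D-Link. Main mode is offered first; aggressive
# mode is kept only as a fallback because it sends the identity payload unencrypted.
remote 203.0.113.1 {
    exchange_mode main, aggressive;
    my_identifier address;
    lifetime time 28800 sec;        # matches the D-Link "IKE Life Time" default
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;  # prefer 3DES over the single-DES option the D-Link offers
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;                 # assumption: group not selectable on the D-Link side
    }
}

# Phase 2 (IPsec SA) parameters. pfs_group must be set when PFS is enabled on the
# D-Link, otherwise the quick-mode proposals will not match.
sainfo anonymous {
    pfs_group 2;
    lifetime time 3600 sec;         # matches the D-Link "Key Life" default
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

# --- SPD entries, loaded with "setkey -f /etc/ipsec.conf" (path assumed) ---
# The outbound "require" policy is what turns a packet from the LAN into an
# ACQUIRE message to racoon, so the FreeBSD side can initiate the tunnel; the
# inbound policy rejects cleartext traffic claiming to come from the remote LAN.
spdadd 192.168.100.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/198.51.100.2-203.0.113.1/require;
spdadd 192.168.1.0/24 192.168.100.0/24 any -P in  ipsec esp/tunnel/203.0.113.1-198.51.100.2/require;
```

Two checks worth doing with this kind of setup: psk.txt must be readable only by root (mode 600), since racoon refuses a pre-shared-key file with wider permissions; and the Phase 1 parameters on both ends (exchange mode, cipher, hash, DH group, lifetime) must agree exactly, because a peer that silently ignores a proposal it does not accept looks from the initiator's side like the repeated, unanswered first packet described above.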