Date: Fri, 27 Aug 2004 22:22:31 -0600
From: Aaron Siegel <aj@siegel-tech.net>
To: freebsd-questions@freebsd.org
Subject: Re: IPSEC Problems
Message-ID: <200408272222.31981.aj@siegel-tech.net>
In-Reply-To: <200408271819.49729.aj@siegel-tech.net>
References: <200408271819.49729.aj@siegel-tech.net>

I figured out my problem. I kept receiving the error "HASH mismatched". I
reduced my racoon.conf down to the basics and it worked.

racoon.conf

path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

remote anonymous
{
        exchange_mode aggressive ;
        lifetime time 24 hour ;
        proposal {
                encryption_algorithm 3des ;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 12 hour ;
        encryption_algorithm 3des, blowfish, des, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}

psk.txt

192.168.245.12 Shared Key

Sorry for the premature post.

Aaron

On Friday 27 August 2004 06:19 pm, Aaron Siegel wrote:
> Hello
>
> I am stumped. I am trying to get a very simple IPSEC tunnel between my
> laptops and gateway. I can not seem to get the IKE to authenticate. I have
> had this working with my other server, which has been moved to a new
> location. I have a FreeBSD 4.10 Stable server and a 5.2.1 Release. I am
> aware of the problems with 5.2.1. I am not sure what I am missing. Is there
> a problem with 4.10 Stable? Both my Windows XP machine and FreeBSD 5.2.1
> are able to create a link with my new server; both of these computers were
> working with my old server.
>
> I have been able to set up a link between this computer and my other
> server. I have listed my configuration below.
>
> Thank you,
> Aaron
>
>
> Laptop config
>
> /etc/ipsec.conf
> spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P out ipsec
> esp/tunnel/192.168.245.12-192.168.245.1/require;
> spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P in ipsec
> esp/tunnel/192.168.245.1-192.168.245.12/require;
>
>
> I have copied the racoon.conf.dist file to
> /usr/local/etc/racoon/racoon.conf. I have changed the "life time" parameter
> to "1 hour".
>
> /usr/local/etc/racoon/psk.txt
> 192.168.245.1 Secret Key
>
> Kernel
> options IPSEC
> options IPSEC_ESP
> options IPSEC_DEBUG
>
> Server
>
> /etc/ipsec.conf
> spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P in ipsec
> esp/tunnel/192.168.245.12-192.168.245.1/require;
> spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P out ipsec
> esp/tunnel/192.168.245.1-192.168.245.12/require;
>
> spdadd 192.168.245.15/32 0.0.0.0/0 any -P in ipsec
> esp/tunnel/192.168.245.15-192.168.245.1/require;
> spdadd 0.0.0.0/0 192.168.245.15/32 any -P in ipsec
> esp/tunnel/192.168.245.1-192.168.245.15/require;
>
> I have copied the racoon.conf.dist file to
> /usr/local/etc/racoon/racoon.conf. I have changed the "life time" parameter
> to "1 hour".
>
> /usr/local/etc/racoon/psk.txt
> 192.168.245.12 Secret Key
> 192.168.245.15 Secret Key
>
> Kernel
> options FAST_IPSEC
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
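
Added example, not part of the original message or of any FreeBSD tool: a small Python check for setkey(8) tunnel-mode policies of the kind quoted above. It verifies that each spdadd line's -P direction agrees with its tunnel endpoints as seen from one host, and that every selector has a reverse policy. The function names parse_spd and check_spd are hypothetical, and the sample input is constructed, modelled on the gateway policies in the thread.

```python
import re

# One setkey(8) tunnel-mode policy, possibly wrapped over two lines:
#   spdadd SRC DST PROTO -P DIR ipsec esp/tunnel/A-B/LEVEL;
SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([\d.]+)-([\d.]+)/\w+\s*;")
KEYS = ("src", "dst", "proto", "dir", "tun_src", "tun_dst")

def parse_spd(text):
    """Return one dict per spdadd tunnel policy found in ipsec.conf text."""
    return [dict(zip(KEYS, m.groups())) for m in SPD_RE.finditer(text)]

def check_spd(text, local_ip):
    """List inconsistencies as seen from the host whose address is local_ip."""
    policies = parse_spd(text)
    have = {(p["src"], p["dst"], p["proto"], p["dir"]) for p in policies}
    problems = []
    for p in policies:
        label = f"{p['src']} -> {p['dst']} -P {p['dir']}"
        # Outbound packets enter the tunnel at the local endpoint;
        # inbound packets leave it there.
        local_end = p["tun_src"] if p["dir"] == "out" else p["tun_dst"]
        if local_end != local_ip:
            problems.append(f"{label}: tunnel {p['tun_src']}-{p['tun_dst']} "
                            f"does not match direction on {local_ip}")
        # Each policy needs the reverse selector in the other direction.
        other = "in" if p["dir"] == "out" else "out"
        if (p["dst"], p["src"], p["proto"], other) not in have:
            problems.append(f"{label}: no reverse '-P {other}' policy")
    return problems

# Constructed sample, modelled on the gateway policies quoted in the thread.
SAMPLE = """\
spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P in ipsec
    esp/tunnel/192.168.245.12-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P out ipsec
    esp/tunnel/192.168.245.1-192.168.245.12/require;
spdadd 192.168.245.15/32 0.0.0.0/0 any -P in ipsec
    esp/tunnel/192.168.245.15-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.15/32 any -P in ipsec
    esp/tunnel/192.168.245.1-192.168.245.15/require;
"""

if __name__ == "__main__":
    for line in check_spd(SAMPLE, "192.168.245.1"):
        print(line)
```

Run against the sample with local address 192.168.245.1, the check reports the second 192.168.245.15 policy, whose -P in does not agree with its tunnel endpoints, and the missing outbound policy for that peer.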