IPsec between two BSD boxes - long
Tomas Randa
lists at hosting50.cz
Thu Jul 22 09:47:32 CEST 2004
I have a problem setting up a VPN over IPsec between two BSD boxes. One is 5.2.1
release, the other is current.
The configuration is as follows:
BOX1                        internet                        BOX2
A.B.C.D   E.F.G.H  -----------|-----------  I.J.K.L   M.N.O.P
E.F.G.H and I.J.K.L are the real IP addresses of the interfaces facing the internet.
A.B.C.D and M.N.O.P are the private IP addresses of the gif interfaces, set via
ifconfig gif0 inet
Configuration of BOX1:
#####/etc/ipsec.conf:
spdadd M.N.O.P/30 A.B.C.D/32 any -P in ipsec
    esp/tunnel/I.J.K.L-E.F.G.H/require;
spdadd A.B.C.D/30 M.N.O.P/32 any -P out ipsec
    esp/tunnel/E.F.G.H-I.J.K.L/require;
#####/usr/local/etc/racoon/racoon.conf
remote I.J.K.L
{
    exchange_mode main,aggressive;
    doi ipsec_doi;
    situation identity_only;
    lifetime time 28800 sec;    # sec,min,hour
    initial_contact on;
    support_mip6 on;
    proposal_check obey;        # obey, strict or claim
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
#####/usr/local/etc/racoon/psk.txt
I.J.K.L secret
#################### Configuration of BOX2: ####################
#####/etc/ipsec.conf:
spdadd A.B.C.D/30 M.N.O.P/24 any -P in ipsec
    esp/tunnel/E.F.G.H-I.J.K.L/require;
spdadd M.N.O.P/30 A.B.C.D/24 any -P out ipsec
    esp/tunnel/I.J.K.L-E.F.G.H/require;
#####/usr/local/etc/racoon/racoon.conf
remote E.F.G.H
{
    exchange_mode main,aggressive;
    doi ipsec_doi;
    situation identity_only;
    lifetime time 28800 sec;    # sec,min,hour
    initial_contact on;
    support_mip6 on;
    proposal_check obey;        # obey, strict or claim
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
#####/usr/local/etc/racoon/psk.txt
E.F.G.H secret
I start it with:
setkey -FP
setkey -F
setkey -f /usr/local/etc/racoon/policy.conf
/usr/local/sbin/racoon -F -v -f /usr/local/etc/racoon/racoon.conf -l /var/log/racoon.log
but when I ping M.N.O.P from BOX1, it does not respond.
I also get this message from racoon:
2004-07-22 09:43:08: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 193.84.40.30[0]<=>193.84.40.6[0]
2004-07-22 09:43:08: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)
2004-07-22 09:43:08: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
2004-07-22 09:43:08: ERROR: isakmp.c:750:quick_main(): failed to process packet.
2004-07-22 09:43:08: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
Is the problem in the Release - Current communication, or do I have something wrong?
Thanks, Tomas Randa
--
Tomas Randa <lists at hosting50.cz>
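One check worth running on a pair of setkey policy files like the two ipsec.conf files above is whether each gateway's "out" policy is the exact mirror of the peer's "in" policy (same selectors, same tunnel endpoints); in the post, BOX1 uses /32 destination selectors where BOX2 uses /24. The following Python is an added example, not part of the original message, and maps the A.B.C.D-style placeholders onto assumed sample addresses:

```python
import re
from ipaddress import ip_network

# Constructed sample: the spdadd statements from the post, with the placeholders
# mapped to assumed addresses (A.B.C.D=10.1.1.1, E.F.G.H=203.0.113.1,
# I.J.K.L=198.51.100.1, M.N.O.P=10.2.2.2).
BOX1_SPD = """
spdadd 10.2.2.2/30 10.1.1.1/32 any -P in ipsec
    esp/tunnel/198.51.100.1-203.0.113.1/require;
spdadd 10.1.1.1/30 10.2.2.2/32 any -P out ipsec
    esp/tunnel/203.0.113.1-198.51.100.1/require;
"""
BOX2_SPD = """
spdadd 10.1.1.1/30 10.2.2.2/24 any -P in ipsec
    esp/tunnel/203.0.113.1-198.51.100.1/require;
spdadd 10.2.2.2/30 10.1.1.1/24 any -P out ipsec
    esp/tunnel/198.51.100.1-203.0.113.1/require;
"""

# Matches: spdadd SRC DST PROTO -P in|out ipsec ESP/tunnel/TSRC-TDST/LEVEL
SPDADD = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+-P\s+(?P<dir>in|out)"
    r"\s+ipsec\s+\w+/tunnel/(?P<t_src>[^-]+)-(?P<t_dst>[^/]+)/\w+"
)

def parse_spd(text):
    """Return {direction: (src_net, dst_net, proto, tunnel_src, tunnel_dst)}.
    setkey statements end with ';', so a newline inside one is just whitespace."""
    policies = {}
    for stmt in text.split(";"):
        m = SPDADD.search(" ".join(stmt.split()))
        if m:
            policies[m["dir"]] = (
                ip_network(m["src"], strict=False), ip_network(m["dst"], strict=False),
                m["proto"], m["t_src"], m["t_dst"],
            )
    return policies

def mirror_mismatches(box1, box2):
    """The 'out' policy of one gateway must equal the peer's 'in' policy field by
    field; return a readable list of every field that differs."""
    problems = []
    p1, p2 = parse_spd(box1), parse_spd(box2)
    for d1, d2 in (("out", "in"), ("in", "out")):
        if d1 not in p1 or d2 not in p2:
            problems.append(f"missing policy: box1 {d1} / box2 {d2}")
            continue
        for name, x, y in zip(("src", "dst", "proto", "tunnel src", "tunnel dst"), p1[d1], p2[d2]):
            if x != y:
                problems.append(f"box1 {d1} vs box2 {d2}: {name} {x} != {y}")
    return problems
```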