#43 racoon configuration

0.6 branch
closed
nobody
5
2009-01-16
2006-01-13
Anonymous
No

I'm having a hard time setting up ipsec between xp pro
and a linux 2.6.11 box. The problem is that sometimes the
phase1 SA between the two would get stuck in the larval
state, and once that happens, the communication
between the two is unsecured, although both sides
have ipsec enabled.
Also, when they are talking in ipsec, after a few
minutes, if I disable ipsec on the xp box, they will
not be able to communicate. I believe the reason is
that the linux side still has the SAs in the mature
state. Is there a way to nullify the SAs (or to
force them to expire)?
Here are my configuration files:

setkey.conf:

#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.10.87.59 0.0.0.0/0 any -P out ipsec
    esp/transport//use;
spdadd 0.0.0.0/0 10.10.87.59 any -P in ipsec
    esp/transport//use;

racoon.conf:

path pre_shared_key "psk.txt";
remote anonymous
{
    exchange_mode main, base;
    lifetime time 8 hours;
    proposal
    {
        encryption_algorithm des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}
sainfo anonymous
{
    lifetime time 12 hour;
    encryption_algorithm 3des, des;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}
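
Added example, not part of the original report and not ipsec-tools code: a small Python check over configurations like the two posted above. It reports policies at level "use", which setkey(8) defines as using an SA when one is available and otherwise keeping normal operation, and proposal values found in the example's own WEAK list. The condensed inputs and the WEAK list are constructed for the example.

```python
import re

# Constructed input: the two files from the report above, condensed.
SETKEY_CONF = """flush; spdflush;
spdadd 10.10.87.59 0.0.0.0/0 any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0 10.10.87.59 any -P in ipsec esp/transport//use;
"""
RACOON_CONF = """remote anonymous { exchange_mode main, base;
  proposal { encryption_algorithm des; hash_algorithm md5;
             authentication_method pre_shared_key; dh_group 1; } }
sainfo anonymous { encryption_algorithm 3des, des;
  authentication_algorithm hmac_sha1, hmac_md5; }
"""
# Values this example treats as weak (its own list, not one racoon ships).
WEAK = {"encryption_algorithm": {"des"}, "hash_algorithm": {"md5"},
        "authentication_algorithm": {"hmac_md5"}, "dh_group": {"1", "modp768"}}

def audit_setkey(text):
    """Return (direction, src, dst, rule) for ipsec policies at level 'use',
    which setkey(8) defines as: use an SA if available, else send normally."""
    hits = []
    for stmt in re.sub(r"#.*", "", text).split(";"):
        tok = stmt.split()
        if tok[:1] != ["spdadd"] or "-P" not in tok:
            continue
        p = tok.index("-P")
        if tok[p + 2:p + 3] != ["ipsec"]:
            continue  # 'none' and 'discard' policies carry no level
        for rule in tok[p + 3:]:  # protocol/mode/src-dst/level
            if rule.split("/")[-1] == "use":
                hits.append((tok[p + 1], tok[1], tok[2], rule))
    return hits

def audit_racoon(text):
    """Return (section, keyword, value) for each value found in WEAK."""
    hits, section = [], None
    pattern = r"\b(remote|sainfo)\b[^{;]*\{|(\w+)\s+([^;{}]+);"
    for m in re.finditer(pattern, re.sub(r"#.*", "", text)):
        if m.group(1):
            section = m.group(1)
        elif m.group(2) in WEAK:
            hits += [(section, m.group(2), v.strip())
                     for v in m.group(3).split(",")
                     if v.strip() in WEAK[m.group(2)]]
    return hits

if __name__ == "__main__":
    for hit in audit_setkey(SETKEY_CONF) + audit_racoon(RACOON_CONF):
        print(hit)
```

With the level changed from "use" to "require" in both spdadd lines, audit_setkey returns an empty list; setkey(8) describes "require" as needing an SA for every packet that matches the policy.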

Discussion

  • ziebell
    2006-02-14

    Logged In: YES
    user_id=1404502

    What SP are you using? If you are using SP2 and NAT-T
    you'll need to apply a reg patch. See
    http://news.zdnet.com/2100-1009_22-5321783.html, 'Microsoft
    addresses NAT conflict introduced by SP2'.

     
  • Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for, please submit a new bug report to the https://trac.ipsec-tools.net/ issue tracker. Thank you.

     
  • Timo Teras
    2009-01-16

    • status: open --> closed