What happens if you replace "require" with "unique" in the spd config?

On 17 February 2010 11:59, Pier <pierg75@yahoo.it> wrote:

Here is my racoon.conf:

remote 2.2.2.2
{
        exchange_mode main;
        verify_cert on;
        my_identifier address 1.1.1.1;
        lifetime time 86400 seconds ;
#       nat_traversal on;
        dpd_delay 10;
#       proposal_check claim ;
        proposal_check obey ;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }

}


And here the spd config:

spdadd 192.168.1.0/24 10.13.137.32/27 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 192.168.1.0/24 2.2.2.2/32 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 1.1.1.1/32 2.2.2.2/32 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 1.1.1.1/32 10.13.137.32/27 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 10.13.137.32/27 192.168.1.0/24 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
spdadd 10.13.137.32/27 1.1.1.1/32 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
spdadd 2.2.2.2/32 192.168.1.0/24 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
spdadd 2.2.2.2/32 1.1.1.1/32 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;


The other side is doing some troubleshooting as well.
The racoon conf is a little messy because I tried everything.
This is just the last one I tried.
Thanks

Pier











--
Silvian Cretu
http://www.silviancretu.ro/