Thanks, I just changed it all to use DES, but now I have the problem with the authtype

2007-12-04 09:46:07: INFO: no policy found, try to generate the policy : 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
2007-12-04 09:46:07: WARNING: authtype mismatched: my:hmac-md5 peer:254
2007-12-04 09:46:07: WARNING: authtype mismatched: my:hmac-sha peer:254
2007-12-04 09:46:07: ERROR: not matched
2007-12-04 09:46:07: ERROR: no suitable policy found.
2007-12-04 09:46:07: ERROR: failed to pre-process packet.

Any idea what 254 would be or how to get racoon to talk to it?
Many thanks

On 03/12/2007, VANHULLEBUS Yvan <vanhu@free.fr> wrote:

Hi.

On Mon, Dec 03, 2007 at 02:23:27PM +0200, Dean Moriarty wrote:
> I have setup a link between offices and am using a draytek router we had and
> on the headoffice side I have a freebsd gateway.
> I am getting this in the security log and no matter what I change on each
> end it ends up at this point - I have tried searching, but not come up with
> anything useful.
> Any help appreciated.
>
> [root@hydra rc.d]# racoon -F
[....]
> 2007-11-29 14:14:52: WARNING: trns_id mismatched: my:3DES peer:DES
> 2007-11-29 14:14:52: WARNING: trns_id mismatched: my:3DES peer:DES
> 2007-11-29 14:14:52: WARNING: trns_id mismatched: my:BLOWFISH peer:DES
> 2007-11-29 14:14:52: WARNING: trns_id mismatched: my:BLOWFISH peer:DES
> 2007-11-29 14:14:52: ERROR: not matched
> 2007-11-29 14:14:52: ERROR: no suitable policy found.
> 2007-11-29 14:14:52: ERROR: failed to pre-process packet.

You allow 3DES and blowfish in your sainfo entry, peers wants DES, so
negociation fails....


Yvan.

-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Ipsec-tools-users mailing list
Ipsec-tools-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-users