Hi all,
 
I am trying to establish an IPsec VPN.
 
Network-A                     
192.168.200.0/24 
           +
           +
           +
192.168.200.254 
Gateway A 
     1.1.1.1 
           +
           + 
           +
           +
           +
      2.2.2.1
Gateway B
192.168.1.254
           +
           +
           +
Network-B
192.168.1.0/24    
 
I want to do it with a manual racoon configuration.
Before trying the manual racoon configuration,
I tried another method, "ifup ipsec0".
The IPsec tunnel was established,
and I could ping 192.168.200.254 on gateway B.
 
 
 
Configuration of SA phase 1 & phase 2 with racoon.conf
 
Gateway A
--------------------------------------------------------------------
racoon.conf
 
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
remote 2.2.2.1
{
        exchange_mode main;
        proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        }
}
sainfo address 192.168.200.0/24 any address 192.168.1.0/24 any
{
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
--------------------------------------------------------------------------
ipsec.conf
 
spdadd 192.168.200.0/24 192.168.1.0/24 any -P out ipsec
        esp/tunnel/1.1.1.1-2.2.2.1/require;
spdadd 192.168.1.0/24 192.168.200.0/24 any -P in ipsec
        esp/tunnel/2.2.2.1-1.1.1.1/require;
--------------------------------------------------------------------------
psk.txt
 
2.2.2.1    12345 
---------------------------------------------------------------------------- 
 
Then I type:
setkey -v -f /etc/racoon/ipsec.conf
racoon -F 
-------------------------------------------------------------------------------------------------------------------------
2009-11-17 00:18:16: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2009-11-17 00:18:16: INFO: @(#)This product linked OpenSSL 0.9.8b 04 May 2006 (http://www.openssl.org/)
2009-11-17 00:18:16: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2009-11-17 00:18:18: INFO: Resize address pool from 0 to 255
2009-11-17 00:18:18: INFO: 127.0.0.1[500] used as isakmp port (fd=6)
2009-11-17 00:18:18: INFO: 127.0.0.1[500] used for NAT-T
2009-11-17 00:18:18: INFO: 1.1.1.1[500] used as isakmp port (fd=7)
2009-11-17 00:18:18: INFO: 1.1.1.1[500] used for NAT-T
2009-11-17 00:18:18: INFO: 192.168.200.254[500] used as isakmp port (fd=8)
2009-11-17 00:18:18: INFO: 192.168.200.254[500] used for NAT-T
2009-11-17 00:18:18: INFO: ::1[500] used as isakmp port (fd=9)
2009-11-17 00:18:18: INFO: fe80::205:5dff:fe05:20ae%eth0[500] used as isakmp port (fd=10)
------------------------------------------------------------------------------------------------------------------------------------
 
racoon is not working, and there are no error messages.
I have found many racoon.conf examples. I think nothing should be missing.
If I have missed something,
please give me any advice.
Thank you a lot.
 
Paul Lee
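
A cross-file consistency check for the three Gateway A files posted above, as an added example that is not part of the original post. The check() function and its regexes are hypothetical helpers; it handles only address-form remote/sainfo entries and assumes sainfo lists the local network first.

```python
import re

# Condensed from the Gateway A files in the post (block bodies shortened).
RACOON_CONF = """
remote 2.2.2.1 { exchange_mode main; }
sainfo address 192.168.200.0/24 any address 192.168.1.0/24 any { pfs_group 2; }
"""
IPSEC_CONF = """
spdadd 192.168.200.0/24 192.168.1.0/24 any -P out ipsec
        esp/tunnel/1.1.1.1-2.2.2.1/require;
spdadd 192.168.1.0/24 192.168.200.0/24 any -P in ipsec
        esp/tunnel/2.2.2.1-1.1.1.1/require;
"""
PSK_TXT = "2.2.2.1    12345\n"

SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([\d.]+)-([\d.]+)/require;")
SAINFO_RE = re.compile(r"sainfo\s+address\s+(\S+)\s+\S+\s+address\s+(\S+)\s+\S+")


def check(racoon_conf, ipsec_conf, psk_txt):
    """Return a list of mismatches between the SPD, racoon.conf and psk.txt."""
    remotes = set(re.findall(r"^remote\s+(\S+)", racoon_conf, re.M))
    sainfos = set(SAINFO_RE.findall(racoon_conf))
    psk_ids = {line.split()[0] for line in psk_txt.splitlines()
               if line.strip() and not line.startswith("#")}
    policies = SPD_RE.findall(ipsec_conf)
    problems = []
    for src, dst, direction, t_src, t_dst in policies:
        # The peer is the far tunnel endpoint: destination on out, source on in.
        peer = t_dst if direction == "out" else t_src
        if peer not in remotes and "anonymous" not in remotes:
            problems.append(f"{direction}: no remote block for peer {peer}")
        if peer not in psk_ids:
            problems.append(f"{direction}: no pre-shared key for peer {peer}")
        # Assumption: sainfo is written as local network, then remote network.
        local, remote = (src, dst) if direction == "out" else (dst, src)
        if (local, remote) not in sainfos:
            problems.append(f"{direction}: no sainfo for {local} -> {remote}")
        # Each policy needs a mirror with swapped selectors and endpoints.
        mirror = (dst, src, "in" if direction == "out" else "out", t_dst, t_src)
        if mirror not in policies:
            problems.append(f"{direction}: no mirrored policy for {src} -> {dst}")
    return problems


if __name__ == "__main__":
    print(check(RACOON_CONF, IPSEC_CONF, PSK_TXT) or "files are consistent")
```

An empty result means only that the three files agree with each other; it says nothing about the configuration on Gateway B.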