Thread: [Ipsec-tools-devel] dnssec in racoon
From: Torben V. <to...@wo...> - 2006-09-21 19:08:20
Hello,

I tried to use dnssec with racoon (0.6.6), but every time I set

    peers_certfile dnssec;

I get:

    ERROR: /etc/racoon/racoon.conf:24: dnssec" Different peers_certfile method already defined!

What is wrong with the config below? Or is the feature not fully implemented? Is there a howto?

Thanks in advance

greetings
Viets

Here is my config:

    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";

    timer {
        natt_keepalive 20 seconds;
    }

    padding {
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
    }

    remote 10.10.2.1 {
        exchange_mode main;
        lifetime time 1 hour;
    #   my_identifier asn1dn;
    #   ca_type x509 "rootca.pem";
        certificate_type x509 "sandy.public" "sandy.private";
        peers_certfile dnssec;
        ike_frag on;
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method rsasig;#pre_shared_key;
            dh_group modp1024;
        }
    }

    sainfo address 172.16.1.2/32 any address 172.16.2.1/32 any {
    #sainfo address 192.168.1.0/24 any address 172.16.1.0/24 any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
    }