Re: [Ipsec-tools-devel] pending patches
From: Gabriel S. <gs...@gm...> - 2007-06-14 12:12:46
On 6/14/07, Paul Winder <Pau...@ta...> wrote:
> What's in your racoon.conf?

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";

sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}

remote 192.168.5.220 {
        exchange_mode main;
        my_identifier fqdn "foo.bar.com";
        certificate_type x509 "test.crt" "test.key";
        ca_type x509 "ca.crt";
        mode_cfg on;
        script "p1_up_down" phase1_up;
        script "p1_up_down" phase1_down;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method xauth_rsa_client;
                dh_group 2;
        }
}

> Also what's in your routing table? What does "ip route show" display.

Before 'racoonctl vc 192.168.5.220' it's this:

192.168.123.0/24 dev eth0 proto kernel scope link src 192.168.123.234
default via 192.168.123.1 dev eth0

Afterwards, it's this:

192.168.5.220 via 192.168.123.1 dev eth0
192.168.123.0/24 dev eth0 proto kernel scope link src 192.168.123.234
172.31.0.0/16 dev eth0 proto kernel scope link src 172.31.4.4
default via 192.168.123.1 dev eth0 src 172.31.4.4

Thanks much,
Gabriel