Re: [Ipsec-tools-devel] pending patches
Brought to you by:
mit_warlord,
netbsd
Menu
▾
▴
Re: [Ipsec-tools-devel] pending patches
|
From: Gabriel S. <gs...@gm...> - 2007-06-14 12:12:46
|
On 6/14/07, Paul Winder <Pau...@ta...> wrote:
> What's in your racoon.conf?
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";
sainfo anonymous
{
pfs_group 2;
lifetime time 1 hour ;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
remote 192.168.5.220
{
exchange_mode main;
my_identifier fqdn "foo.bar.com";
certificate_type x509 "test.crt" "test.key";
ca_type x509 "ca.crt";
mode_cfg on;
script "p1_up_down" phase1_up;
script "p1_up_down" phase1_down;
proposal
{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method xauth_rsa_client;
dh_group 2;
}
}
> Also what's in your routing table? What does "ip route show" display.
Before 'racoonctl vc 192.168.5.220' it's this:
192.168.123.0/24 dev eth0 proto kernel scope link src 192.168.123.234
default via 192.168.123.1 dev eth0
Afterwards, it's this:
192.168.5.220 via 192.168.123.1 dev eth0
192.168.123.0/24 dev eth0 proto kernel scope link src 192.168.123.234
172.31.0.0/16 dev eth0 proto kernel scope link src 172.31.4.4
default via 192.168.123.1 dev eth0 src 172.31.4.4
Thanks much,
Gabriel
|