Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#14 sainfo specification

racoon
closed
nobody
None
5
2009-01-16
2005-04-07
Anonymous
No

I configured a system with ipsec-tools 0.3.3-1 kernel
2.6.9 for accepting VPN from Windows road-warriors.

I use the native windows XP ipsec via ipseccond command.
I generate the cerificates whith openssl-0.9.7a-40

All works with this racoon.conf:

path include "/etc/racoon";
path certificate "/etc/racoon/certs";

remote anonymous {
exchange_mode main;
generate_policy on;
passive on;
certificate_type x509 "fw.pem" "fw.key";
verify_cert on;
my_identifier asn1dn;
verify_identifier on;
peers_identifier asn1dn;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method rsasig;
dh_group modp1024;
}
}

sainfo address X.X.X.X/32 any address Y.Y.Y.Y/32 any
from asn1dn "C=IT/ST=MI/L=......." {
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}

Updatind the ipsec-tools to 0.5-2 (the latest from Fedora)
I get the error
>> failed to get sainfo.

if I change the line sainfo deleting the from cluse all
works.

Can someone help me to understand the problem?

Thank a lot
Antonio Soreca

antonio_soreca@yahoo.com

Discussion

  • Timo Teras
    Timo Teras
    2009-01-16

    • status: open --> closed
     
  • Timo Teras
    Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.