#43 DNS info appears to be missing (racoon)

racoon
closed
nobody
5
2009-01-16
2008-11-03
jnm
No

I have an XAUTH racoon setup - but name lookups don't appear to work at all.
If I use the numeric IPv4 address though, everything works.

I tried using the script / phase 1 up, and many fields look unpopulated,
but I don't know enough about how it works to know if that is expected.

Here is the output of "env" run in the script / phase1_up:

DEFAULT_DOMAIN=
INTERNAL_ADDR4=129.156.172.65
INTERNAL_CIDR4=22
INTERNAL_DNS4=
INTERNAL_DNS4_LIST=
INTERNAL_MASK4=
INTERNAL_NETMASK4=
INTERNAL_WINS4=
INTERNAL_WINS4_LIST=
LOCAL_ADDR=129.156.179.245
LOCAL_PORT=4500
PWD=/
REMOTE_ADDR=>>thisIsSetToMySourceInternetAddress<<
REMOTE_PORT=4500
SPLIT_INCLUDE=
SPLIT_LOCAL=
XAUTH_USER=myid

Here is the racoon.conf file:

#Below line is not required for Sun Ray VPN to work.
path certificate "/etc/ssl/certs";
path pre_shared_key "/etc/racoon/psk.txt";

#This section restricts listening to the service IP; not strictly necessary.
#listen {
# isakmp 129.156.179.245;
# isakmp_natt 129.156.179.245 [4500];
#}

log debug2;

remote anonymous {
    script "/etc/racoon/fred" phase1_up;
    mode_cfg on;
    exchange_mode aggressive;
    passive on;
    generate_policy on;
    nat_traversal on;
    ike_frag on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm md5;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}

sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

mode_cfg {
    network4 129.156.172.0;
    netmask4 255.255.252.0;
    pool_size 250;
    auth_source pam;
    default_domain "thisis.mydomain.com";
    split_dns "mydomain.com";
    dns4 129.156.179.246;
}

The same setup using EZVPN does work, so there must be something wrong somewhere with my setup
of the info being passed.

Discussion

  • jnm
    2008-11-03

    Should have added: Ubuntu 8.10;
    @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
    @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/)

     
  • Problem solved - no route from DNS server to clients on the VPN.

     
  • Timo Teras
    2009-01-16

    • status: open --> closed
     
  • Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.