#47 Cannot establish connection from XP box to FreeBSD racoon

racoon
open
nobody
5
2014-08-19
2010-04-21
Ilya Morozov
No

Hi.
I have a problem connecting from XP to racoon.
At the very beginning of the connection the racoon log shows these messages:
ERROR: invalid DH group 20
ERROR: invalid DH group 19

In that order.
Certificates were generated both with OpenSSL on FreeBSD and on Windows 2003 - the result is the same.

racoon config:
# racoon.conf as posted in the ticket; reviewer comments added, config lines unchanged.
path include "/usr/local/etc/racoon";
path certificate "/usr/local/etc/racoon/cert";
listen {
isakmp 192.168.20.27 [500];
# NAT-T listener is commented out; if the XP peer sits behind NAT this needs confirming
# together with nat_traversal below.
#isakmp_natt 192.168.20.27 [4500];
}
log notify;

# Raising to debug2 would show the peer's full proposal list, which is what the
# "invalid DH group 20 / 19" errors refer to.
#log debug2;

padding {
maximum_length 20;
randomize off;
# NOTE(review): strict padding check is off — confirm this is intentional.
strict_check off;
exclusive_tail off;
}

#listen {
# adminsock "/var/run/racoon/racoon.sock";
#}

timer {
counter 5;
interval 20 sec;
persend 1;
phase1 30 sec;
phase2 15 sec;
}
# Anonymous remote block: applies to any initiator (no peer address restriction).
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
lifetime time 28800 min;
initial_contact on;
# NOTE(review): "obey" accepts the initiator's proposal parameters — confirm the
# intended lifetime/policy strictness on this racoon version.
proposal_check obey;
certificate_type x509 "master.crt" "master.key";
#peers_certfile "ipsec-client.crt";
#my_identifier asn1dn;
#verify_identifier off;
# NOTE(review): verify_cert is commented out; confirm the effective default, since
# the peer is authenticated by rsasig below and this is an anonymous remote.
#verify_cert on;
#weak_phase1_check on;
#support_proxy on;
passive on;
# Policies are generated from the peer's proposals for this anonymous remote.
generate_policy on;
dpd_delay 20;
# See isakmp_natt above — both NAT-T settings are disabled here.
#nat_traversal on;
#ike_frag on;
#esp_frag 552;

# Only one phase-1 proposal is offered. The ticket's log lines cite DH groups 20 and
# 19, which are not configured here; presumably the peer proposes them first and
# racoon logs each rejection before reaching modp1024 — confirm against a debug2 log.
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024;
}
}

mode_cfg {
network4 192.168.50.0;
netmask4 255.255.255.0;
pool_size 200;
#auth_source ldap;
#conf_source ldap;
#auth_source radius;
accounting none;
dns4 192.168.20.252;
wins4 192.168.20.253;
banner "/usr/local/etc/racoon/motd";
pfs_group 1;
}
# NOTE(review): the ldapcfg block is still present although the ldap auth/conf
# sources above are commented out.
ldapcfg {
host "192.168.20.253";
base "dc=servertd,dc=spb,dc=ru";
subtree on;
bind_dn "cn=squid,dc=servertd,dc=spb,dc=ru";
# NOTE(review): a plaintext bind credential was posted here in a shared ticket;
# it should be treated as exposed and rotated, and redacted in future posts.
bind_pw "proxy";
}

sainfo anonymous {
pfs_group 1;
lifetime time 1 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}

Discussion