On Thu, Sep 11, 2003 at 10:31:56AM +0200, Michal Ludvig wrote:
> Did you already solve it?
No, I ended up setting it aside while I work on some selinux
> What came to my mind when reading your problem description:
> - Does /etc/racoon/psk.txt have correct permissions (i.e. 0600)?
Pretty sure both ends do: they were installed from Debian packages
and then edited to simplify to be the same as the HOWTO example. On
the machine I have available at this moment I can confirm 0600 root.root.
> - Don't you firewall UDP port 500 (used for IKE handshake)?
Firewalls are disabled.
> - Is there something in the log when running racoon with
> argument -v (or even -d)?
I've run it with those and do get error messages which mean nothing
> - SA is created upon first connection attempt - don't expect to
> see anything in "setkey -D" before you try to ping or telnet to the
> other side. But as soon as you ping you should see traffic between the two
> computers - first UDP/500 and then ESP carrying the ping packet itself.
Yes, the test conditions are three machines, A, B, C; A and B have a
tunnel; I start a ping from A -> B and then monitor it with tcpdump
on C. I'm getting a plaintext ping with the racoon setup, but the
ESP with the simple setkey approach.
I'll have to run some more tests to get the debug output for
you, probably tomorrow.