From: Ignacio M. I. <na...@kt...> - 2005-09-17 18:50:21
Hi all!

I have been trying to set up a road warrior configuration for a week now without succeeding and I can't find what I am doing wrong. I think I have the server properly configured and waiting for the connection from the mobile node, but I can't make the mobile node start the ipsec tunnel to the server.

This is my configuration for racoon-tool

Server:

    #
    # Configuration file for racoon-tool
    #
    # See racoon-tool.conf(5) for details
    #
    # How to control the syslog level
    global:
        log: debug
        path_pre_shared_key: /etc/racoon/psk.txt

    peer(%anonymous):
        exchange_mode: aggressive
        hash_algorithm[0]: sha1
        encryption_algorithm[0]: 3des
        authentication_method[0]: rsasig
        dh_group[0]: modp1024
        my_identifier: fqdn donald.xxx.yyy
        certificate_type: x509 vpnpub.pem vpnpriv.pem
        verify_identifier: on
        verify_cert: on

    connection(%anonymous):
        src_ip: IP_ADDRESS of donald.xxx.yyy
        admin_status: on
        authentication_algorithm: hmac_md5
        encryption_algorithm: 3des
        pfs_group: none

Which loads fine and creates a proper /var/lib/racoon/racoon.conf file....

But in the client I have

    less racoon-tool.conf

    #
    # Configuration file for racoon-tool
    #
    # See racoon-tool.conf(5) for details
    #
    #
    # Configuration file for racoon-tool
    #
    # See racoon-tool.conf(5) for details
    #
    # How to control the syslog level
    global:
        log: debug2
        path_pre_shared_key: /etc/racoon/psk.txt

    peer(IP_ADDRESS of donald.xxx.yyy):
        exchange_mode: aggressive
        hash_algorithm[0]: sha1
        encryption_algorithm[0]: 3des
        authentication_method[0]: pre_shared_key
        dh_group[0]: modp1024
        my_identifier: fqdn caliope.dyndns.org

    connection(%default):
        dst_ip: IP_ADDRESS of donald.xxx.yyy
        admin_status: on
        authentication_algorithm: hmac_md5
        encryption_algorithm: 3des

and when I start racoon-tool with this configuration it generates the following racoon.conf:

    nacho@Caliope:~$ less /var/lib/racoon/racoon.conf
    #
    # Racoon configuration for Caliope
    # Generated on Fri Sep 16 10:29:44 2005 by racoon-tool
    #
    #
    # Global items
    #
    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";
    log debug2;

Which, of course, does not initiate the ipsec tunnel when I connect to Donald...

I have tried to configure racoon directly without succeeding... what am I doing wrong? I just want to have the simplest roadwarrior configuration where the client contacts donald (the server) and gets an IP address from it to connect to donald's net... I am sure I am missing something, but what?

Thanks in advance for the help! Please, Cc the answer to me, since I am not subscribed to the list.

/Nacho

---
       ,,,
      (o o)
--ooO--(_)---Ooo-----------
Falling in love would be the worst thing I could do.-Billy Joel
--oo0--------0oo-----------
---
       ,,,
      (o o)
--ooO--(_)---Ooo-----------
The flowers anew, returning seasons bring; But beauty faded has no second spring.-Ambrose Philips
--oo0--------0oo-----------
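Both ends of an IKE phase 1 negotiation have to offer matching proposal parameters, so a side-by-side check of the two peer sections is a useful first step when debugging a setup like this one. The following is an added example, not part of the original post or of racoon-tool: it parses the section and key layout as it appears in the message above and reports the phase 1 keys that differ. The address 192.0.2.10 is a constructed placeholder for the server IP, which the post does not give.

```python
import re

# Section headers as they appear in the post: global:, peer(NAME):, connection(NAME):
SECTION = re.compile(r'^(global|peer|connection)(?:\(([^)]*)\))?:\s*$')
PHASE1_KEYS = ("exchange_mode", "hash_algorithm[0]", "encryption_algorithm[0]",
               "authentication_method[0]", "dh_group[0]")

# Peer sections copied from the post; 192.0.2.10 is a constructed placeholder.
SERVER = """
peer(%anonymous):
    exchange_mode: aggressive
    hash_algorithm[0]: sha1
    encryption_algorithm[0]: 3des
    authentication_method[0]: rsasig
    dh_group[0]: modp1024
"""
CLIENT = """
peer(192.0.2.10):
    exchange_mode: aggressive
    hash_algorithm[0]: sha1
    encryption_algorithm[0]: 3des
    authentication_method[0]: pre_shared_key
    dh_group[0]: modp1024
"""

def parse(text):
    """Return {(section, name): {key: value}} for racoon-tool.conf style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2) or ""), {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return sections

def phase1_mismatches(server_text, client_text):
    """Compare the first peer section of each file on the phase 1 keys."""
    def first_peer(text):
        return next((v for (kind, _), v in parse(text).items() if kind == "peer"), {})
    srv, cli = first_peer(server_text), first_peer(client_text)
    return {k: (srv.get(k), cli.get(k)) for k in PHASE1_KEYS if srv.get(k) != cli.get(k)}

if __name__ == "__main__":
    for key, (srv, cli) in phase1_mismatches(SERVER, CLIENT).items():
        print(f"{key}: server={srv} client={cli}")
```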