[Ipsec-tools-devel] Problems with a road warrior configuration...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all!
I have been trying to setup a road warrior configuration for a week now
without succeeding and I can't find what I am doing wrong. I think I
have the server properly configured and waiting for the connection from
the mobile node, but I can't make the mobile node to start the ipsec
tunnel to the server. This is my configuration for racoon-tool

Server:
#
# Configuration file for racoon-tool
#
# See racoon-tool.conf(5) for details
#

# How to control the syslog level
global:
        log: debug
        path_pre_shared_key: /etc/racoon/psk.txt

peer(%anonymous):
        exchange_mode: aggressive
        hash_algorithm[0]: sha1
        encryption_algorithm[0]: 3des
        authentication_method[0]: rsasig
        dh_group[0]: modp1024
        my_identifier: fqdn donald.xxx.yyy
        certificate_type: x509 vpnpub.pem vpnpriv.pem
        verify_identifier: on
        verify_cert: on

connection(%anonymous):
        src_ip: IP_ADDRESS of donald.xxx.yyy
        admin_status: on
        authentication_algorithm: hmac_md5
        encryption_algorithm: 3des
        pfs_group: none

Which loads fine and creates a proper /var/lib/racoon/racoon.conf
file....

But the in the client I have

less racoon-tool.conf 
#
# Configuration file for racoon-tool
#
# See racoon-tool.conf(5) for details
#

#
# Configuration file for racoon-tool
#
# See racoon-tool.conf(5) for details
#

# How to control the syslog level
global:
        log: debug2
        path_pre_shared_key: /etc/racoon/psk.txt

peer(IP_ADDRESS of donald.xxx.yyy):
        exchange_mode: aggressive
        hash_algorithm[0]: sha1
        encryption_algorithm[0]: 3des
        authentication_method[0]: pre_shared_key
        dh_group[0]: modp1024
        my_identifier: fqdn caliope.dyndns.org

connection(%default):
        dst_ip: IP_ADDRESS of donald.xxx.yyy
        admin_status: on
        authentication_algorithm: hmac_md5
        encryption_algorithm: 3des

and when I start racoon-tool with this configuration if generates the
following racoon.conf:

nacho@Caliope:~$ less /var/lib/racoon/racoon.conf 
#
# Racoon configuration for Caliope

# Generated on Fri Sep 16 10:29:44 2005 by racoon-tool
#

#
# Global items
#
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug2;

Which, of course does not initiate the ipsec tunnel when I connect to
Donald... I have tried to configure racoon directly without
succeeding... what am I doing wrong? I just want to have the simplest
roadwarrior configuration where the client contacts donald (the server)
and get an IP address from it to connect to donald's net... 

I am sure I am missing something, but what? 

Thanks in advance for the help! Please, Cc  the answer to me, since I am
not subscribed to the list.
/Nacho

---
       ,,,
      (o o)
--ooO--(_)---Ooo-----------
Falling in love would be the worst thing I could do.-Billy Joel 
--oo0--------0oo-----------

---
       ,,,
      (o o)
--ooO--(_)---Ooo-----------
The flowers anew, returning seasons bring; But beauty faded has no
second spring.-Ambrose Philips 
--oo0--------0oo-----------