From: sandy s <san...@gm...> - 2005-12-03 16:49:31
Hi,
The Linux version I am using is Fedora Core 4 (kernel 2.6.11) on both
systems. I have successfully done the pre-shared key based IPsec connection.
I am facing an issue with Kerberos based authentication.
I am able to work with Kerberos in standalone mode. I have
executed GSS-API examples successfully.
I have keytab entries of the form "ike/fqdn" for both the machines. I am
getting the TGT for the principal "ike/fqdn" on the initiator. I am not
sure what is going wrong.
Can anybody please let me know when this error:
VENDOR ID:RFC 3706 Detecting dead IKE peers error can occur?
- Sandy
On 12/3/05, sandy s <san...@gm...> wrote:
>
> Hi,
>
> I am seeing the error :
>
> VENDOR ID:RFC 3706 Detecting dead IKE peers.
> My racoon.conf is :
>
> remote 192.168.1.122 {
>     exchange_mode main;
>     proposal {
>         encryption_algorithm des;
>         hash_algorithm md5;
>         authentication_method gssapi_krb;
>         gssapi_id "ike/kdc.kerb.com";
>         dh_group 2;
>     }
> }
> sainfo anonymous
> {
>     pfs_group 2;
>     lifetime time 1 hour;
>     encryption_algorithm des;
>     authentication_algorithm hmac_sha1, hmac_md5;
>     compression_algorithm deflate;
> }
>
> I am unable to communicate with the other peer and the trace is saying VENDOR
> ID:RFC 3706 Detecting dead IKE peers
>
> Can anybody please tell me what could be the error? I am really struggling
> to identify the cause :(
>
> I have keytab entries for both host machines, and also an entry of type
> ike/fqdn. I am getting the initial ticket for ike/fqdn (my machine's fqdn)
> by using "kinit -k -t /etc/krb5.keytab -A "; I am getting the tickets. Do I
> need to add pass rules for KDC port 88?
>
> I am unable to figure out the dead peer error.
>
> Thanks,
> Sandy
>
>