From: <ips...@do...> - 2007-01-23 16:53:32
Dear Users!

I will appreciate any help! Please tell me what is wrong with my configuration. I am very much a BEGINNER and the problem is urgent.

T-H-A-N-K Y-O-U

network:

    a.a.a.a --- (eth) ---- B.B.B.B ---- (ppp-ipsec) ---- C.C.C.C --- (eth) --- d.d.d.d

Four machines. "BBBB" is a www-apache server, and when I use "BBBB" from "dddd" it works fine, BUT if I use "BBBB" from "CCCC" it often crashes. "aaaa" and "dddd" are local networks.

my config:

    spdadd B.B.B.B C.C.C.C any -P out ipsec esp/tunnel/B.B.B.B-C.C.C.C/require;
    spdadd C.C.C.C B.B.B.B any -P in ipsec esp/tunnel/C.C.C.C-B.B.B.B/require;

    iptables -t nat -A POSTROUTING -o ppp0 -m policy --dir out --pol ipsec -j ACCEPT
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

and a standard racoon.conf:

    path pre_shared_key "/etc/racoon/psk.txt";

    remote anonymous {
        exchange_mode aggressive,main;
        doi ipsec_doi;
        situation identity_only;
        my_identifier address;
        lifetime time 2 min; # sec,min,hour
        initial_contact on;
        proposal_check obey; # obey, strict or claim
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group 2;
        }
    }

    sainfo anonymous {
        pfs_group 1;
        lifetime time 2 min;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
    }

Linux 2.6.18
ipsec-tools 0.6.6

===END===