From: Mark B. <mba...@ne...> - 2007-07-17 20:55:24
I have a single host running CentOS 4 connecting through a racoon tunnel to a Checkpoint firewall.
Several times a day the SA expires and does not re-key.

ERROR: unknown Informational exchange received.

I have to kill the racoon process and restart it to get the tunnel to re-initialize.
Any ideas what is happening? Here are my configs. If you need more detailed logs let me know; I'm running at debug2.

cat /etc/racoon/setkey.conf
#!/sbin/setkey -f
#
flush;
spdflush;

#local host A.A.A.A
#remote firewall B.B.B.B
#remote destination C.C.C.C

spdadd A.A.A.A/32 C.C.C.C/32 any -P out ipsec esp/tunnel/A.A.A.A-B.B.B.B/require;
spdadd C.C.C.C/32 A.A.A.A/32 any -P in ipsec esp/tunnel/B.B.B.B-A.A.A.A/require;

This sets up a tunnel policy between the local host and the remote firewall for the single destination C.C.C.C.

rc.local then calls /usr/sbin/racoon

[root@credexhost mon]# cat /etc/racoon/racoon.conf

# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.

log debug2;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous {
    pfs_group 2;
    lifetime time 24 hour ;
    encryption_algorithm 3des ;
    authentication_algorithm hmac_md5 ;
    compression_algorithm deflate ;
}

remote anonymous {
    exchange_mode main;
    generate_policy on;
    lifetime time 1 hour;   # sec,min,hour
    proposal_check claim;   # obey, strict or claim
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2 ;
    }
}