[opennhrp-devel] Please Help : NHRP Configuration on OpenWRT

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello, 

I am trying to get NHRP running on an OpenWRT router (D-Link-825).

I am not familiar with all the interactions, and feel sure that I'm missing
something.

Right now when I run opennhrp from my command line, I receive 

Racoonctl: unknown protocol -w

Here are the configuration files I have set so far:

Relevant sections of Cisco Config file:

---------------------------------------------

crypto isakmp policy 5

 encr aes

 hash md5

 authentication pre-share

 group 2

crypto isakmp key CRYPTO_KEY address 0.0.0.0 0.0.0.0 no-xauth

!

!

crypto ipsec transform-set HighSec_Xform esp-aes esp-md5-hmac comp-lzs 

!

crypto ipsec profile CiscoCP_Profile1

 set transform-set HighSec_Xform 

!

interface Tunnel0

 description DMVPN Tunnel

 bandwidth 75000

 ip address 10.1.0.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip mtu 1400

 no ip next-hop-self eigrp 0000

 ip nhrp authentication AUTH_KEY

 ip nhrp map multicast dynamic

 ip nhrp network-id 0000

 ip nhrp holdtime 360

 ip virtual-reassembly

 ip tcp adjust-mss 1360

 no ip split-horizon eigrp 0000

 ip ospf network point-to-multipoint

 ip ospf database-filter all out

 delay 1500

 tunnel source FastEthernet0

 tunnel mode gre multipoint

 tunnel key TUN_KEY

 tunnel protection ipsec profile CiscoCP_Profile1 shared

!

/etc/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous {
exchange_mode main,aggressive;
lifetime time 24 hour;
# nat_traversal on;
script "/etc/opennhrp/racoon-ph1down.sh" phase1_down;
proposal {
encryption_algorithm aes;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous {
lifetime time 12 hour;
encryption_algorithm aes, 3des, blowfish 448, rijndael;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}

/etc/racoon/psk.txt
my.public.ip CRYPTO_KEY

/etc/opennhrp/opennhrp.conf
interface gre1
map 172.255.255.1/24 10.2.0.90 register cisco
cisco-authentication AUTH_KEY (also tried TUN_KEY)
shortcut

I'm seeing some errors that I've (tried) to correct from the racoonctl:

First : racoonctl establish-sa -w isakmp inet $NHRP_SRCNBMA ..

Seems to fail because -w is not a valid option.

I "corrected" to remove the -w 

Now I am getting 

Send: Bad file descriptor

I think Timo was seeing some similar stuff out there over at
network.ipsec.tools.devel

My configs are based mostly on the default stuff in the current set of
OpenWrt builds and
http://patrickpreuss.wordpress.com/2009/02/14/dmvpn-with-linux/

Thank in advance!!