[opennhrp-devel] Please Help : NHRP Configuration on OpenWRT
From: Roger H. <the...@gm...> - 2010-03-04 01:07:16
Hello,

I am trying to get NHRP running on an OpenWRT router (D-Link-825). I am not familiar with all the interactions, and feel sure that I'm missing something. Right now when I run opennhrp from my command line, I receive

    Racoonctl: unknown protocol -w

Here are the configuration files I have set so far:

Relevant sections of Cisco Config file:
---------------------------------------------

    crypto isakmp policy 5
     encr aes
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key CRYPTO_KEY address 0.0.0.0 0.0.0.0 no-xauth
    !
    !
    crypto ipsec transform-set HighSec_Xform esp-aes esp-md5-hmac comp-lzs
    !
    crypto ipsec profile CiscoCP_Profile1
     set transform-set HighSec_Xform
    !
    interface Tunnel0
     description DMVPN Tunnel
     bandwidth 75000
     ip address 10.1.0.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1400
     no ip next-hop-self eigrp 0000
     ip nhrp authentication AUTH_KEY
     ip nhrp map multicast dynamic
     ip nhrp network-id 0000
     ip nhrp holdtime 360
     ip virtual-reassembly
     ip tcp adjust-mss 1360
     no ip split-horizon eigrp 0000
     ip ospf network point-to-multipoint
     ip ospf database-filter all out
     delay 1500
     tunnel source FastEthernet0
     tunnel mode gre multipoint
     tunnel key TUN_KEY
     tunnel protection ipsec profile CiscoCP_Profile1 shared
    !

/etc/racoon.conf

    path pre_shared_key "/etc/racoon/psk.txt";
    remote anonymous {
        exchange_mode main,aggressive;
        lifetime time 24 hour;
        # nat_traversal on;
        script "/etc/opennhrp/racoon-ph1down.sh" phase1_down;
        proposal {
            encryption_algorithm aes;
            hash_algorithm md5;
            authentication_method pre_shared_key;
            dh_group 2;
        }
    }
    sainfo anonymous {
        lifetime time 12 hour;
        encryption_algorithm aes, 3des, blowfish 448, rijndael;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
    }

/etc/racoon/psk.txt

    my.public.ip CRYPTO_KEY

/etc/opennhrp/opennhrp.conf

    interface gre1
        map 172.255.255.1/24 10.2.0.90 register cisco
        cisco-authentication AUTH_KEY (also tried TUN_KEY)
        shortcut

I'm seeing some errors that I've (tried) to correct from the racoonctl:

First:

    racoonctl establish-sa -w isakmp inet $NHRP_SRCNBMA ..

Seems to fail because -w is not a valid option. I "corrected" to remove the -w.

Now I am getting

    Send: Bad file descriptor

I think Timo was seeing some similar stuff out there over at network.ipsec.tools.devel

My configs are based mostly on the default stuff in the current set of OpenWrt builds and http://patrickpreuss.wordpress.com/2009/02/14/dmvpn-with-linux/

Thanks in advance!!