I think I found a problem with the new release and IPSec. I had a working
IPSec config with version 18. I upgraded to 19, and it still works except I
can only communicate with people on the other LANs, but if they try to
communicate with me, no go. They can ping my LAN interface, and that's it.
Here is a copy of cat /var/etc/racoon.conf. This config was working
perfectly with the old version. Could this be a firewall issue, considering
the changes made to that? I tried adding allow rules for all traffic to and
from 192.168.0.0, but no luck.
Chris
# Location of the IKE pre-shared keys (one "peer-identifier key" line per remote peer).
# NOTE(review): this file holds long-lived secrets; it should be readable by root only — confirm its mode.
path pre_shared_key "/var/etc/psk.txt";
# Phase 1 (IKEv1 ISAKMP SA) settings for peer 24.187.115.86.
remote 24.187.115.86 {
# Main mode: identities are exchanged after encryption is established (unlike aggressive mode).
exchange_mode main;
# Both ends identify by public IP address; the PSK is looked up by that identifier.
my_identifier address "24.190.174.211";
peers_identifier address 24.187.115.86;
# Send INITIAL-CONTACT so the peer discards stale SAs from an earlier session.
initial_contact on;
# Accept phase 2 IDs that differ from the peer address — presumably needed because the sainfo
# selectors below are LAN subnets rather than the gateway addresses; confirm.
support_proxy on;
# "obey": as responder, accept the initiator's proposal (including its lifetime) as-is.
# NOTE(review): this is the most permissive check mode; use "strict" or "claim" if the local lifetime must be enforced.
proposal_check obey;
proposal {
encryption_algorithm 3des;
# NOTE(review): MD5 is a weak hash for IKE; prefer SHA-1 or stronger if the peer supports it.
hash_algorithm md5;
authentication_method pre_shared_key;
# Group 2 = 1024-bit MODP.
dh_group 2;
# Phase 1 SA lifetime: 24 hours.
lifetime time 86400 secs;
}
lifetime time 86400 secs;
}
# Phase 2 (IPsec SA) parameters for traffic between the local 192.168.2.0/24 and remote 192.168.4.0/24, any protocol.
sainfo address 192.168.2.0/24 any address 192.168.4.0/24 any {
encryption_algorithm 3des;
# NOTE(review): HMAC-MD5 is a weak integrity algorithm; prefer hmac_sha1 or stronger where both ends allow it.
authentication_algorithm hmac_md5;
# Offer IPComp (deflate) on the SA.
compression_algorithm deflate;
# Perfect forward secrecy with DH group 2 (1024-bit MODP).
pfs_group 2;
# Phase 2 SA lifetime: 24 hours.
lifetime time 86400 secs;
}
# Phase 1 (IKEv1 ISAKMP SA) settings for peer 24.185.231.163; same policy as the other 3DES/MD5 peers.
remote 24.185.231.163 {
exchange_mode main;
my_identifier address "24.190.174.211";
peers_identifier address 24.185.231.163;
initial_contact on;
support_proxy on;
# NOTE(review): "obey" accepts whatever the initiator proposes, lifetime included.
proposal_check obey;
proposal {
encryption_algorithm 3des;
# NOTE(review): MD5 is a weak IKE hash; prefer SHA-1 or stronger if the peer supports it.
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 86400 secs;
}
lifetime time 86400 secs;
}
# Phase 2 (IPsec SA) parameters for traffic between local 192.168.2.0/24 and remote 192.168.3.0/24, any protocol.
sainfo address 192.168.2.0/24 any address 192.168.3.0/24 any {
encryption_algorithm 3des;
# NOTE(review): HMAC-MD5 is a weak integrity algorithm; prefer hmac_sha1 or stronger where both ends allow it.
authentication_algorithm hmac_md5;
compression_algorithm deflate;
# PFS with DH group 2 (1024-bit MODP).
pfs_group 2;
lifetime time 86400 secs;
}
# Phase 1 (IKEv1 ISAKMP SA) settings for peer 24.190.161.244.
# NOTE(review): a second, identical "remote 24.190.161.244" section appears further down in this file;
# racoon matches remote sections by peer address, so one of the two is likely redundant or carries
# a mistyped peer address — confirm which gateway each is meant for.
remote 24.190.161.244 {
exchange_mode main;
my_identifier address "24.190.174.211";
peers_identifier address 24.190.161.244;
initial_contact on;
support_proxy on;
# NOTE(review): "obey" accepts whatever the initiator proposes, lifetime included.
proposal_check obey;
proposal {
encryption_algorithm 3des;
# NOTE(review): MD5 is a weak IKE hash; prefer SHA-1 or stronger if the peer supports it.
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 86400 secs;
}
lifetime time 86400 secs;
}
# Phase 2 (IPsec SA) parameters for traffic between local 192.168.2.0/24 and remote 192.168.1.0/24, any protocol.
sainfo address 192.168.2.0/24 any address 192.168.1.0/24 any {
encryption_algorithm 3des;
# NOTE(review): HMAC-MD5 is a weak integrity algorithm; prefer hmac_sha1 or stronger where both ends allow it.
authentication_algorithm hmac_md5;
compression_algorithm deflate;
# PFS with DH group 2 (1024-bit MODP).
pfs_group 2;
lifetime time 86400 secs;
}
# Phase 1 (IKEv1 ISAKMP SA) settings for peer 24.184.150.82.
# NOTE(review): this is the only peer negotiated with single DES; see the proposal below.
remote 24.184.150.82 {
exchange_mode main;
my_identifier address "24.190.174.211";
peers_identifier address 24.184.150.82;
initial_contact on;
support_proxy on;
# NOTE(review): "obey" accepts whatever the initiator proposes, lifetime included.
proposal_check obey;
proposal {
# NOTE(review): single DES (56-bit) is considered broken and should be replaced by 3des or AES
# if the peer supports it; combined with MD5 this is the weakest phase 1 policy in the file.
encryption_algorithm des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 86400 secs;
}
lifetime time 86400 secs;
}
# Phase 2 (IPsec SA) parameters for traffic between local 192.168.2.0/24 and remote 192.168.5.0/24, any protocol.
sainfo address 192.168.2.0/24 any address 192.168.5.0/24 any {
# NOTE(review): single DES for ESP offers little confidentiality today; move to 3des or AES when the peer allows.
encryption_algorithm des;
# NOTE(review): HMAC-MD5 is a weak integrity algorithm; prefer hmac_sha1 or stronger where both ends allow it.
authentication_algorithm hmac_md5;
compression_algorithm deflate;
# PFS with DH group 2 (1024-bit MODP).
pfs_group 2;
lifetime time 86400 secs;
}
# Phase 1 (IKEv1 ISAKMP SA) settings for peer 24.190.161.244.
# NOTE(review): this section repeats, with identical settings, the "remote 24.190.161.244" section
# defined earlier in this file. Since the sainfo that follows covers 192.168.6.0/24, this may be a
# copy-paste that kept the wrong peer address — confirm which gateway fronts 192.168.6.0/24.
remote 24.190.161.244 {
exchange_mode main;
my_identifier address "24.190.174.211";
peers_identifier address 24.190.161.244;
initial_contact on;
support_proxy on;
# NOTE(review): "obey" accepts whatever the initiator proposes, lifetime included.
proposal_check obey;
proposal {
encryption_algorithm 3des;
# NOTE(review): MD5 is a weak IKE hash; prefer SHA-1 or stronger if the peer supports it.
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 86400 secs;
}
lifetime time 86400 secs;
}
# Phase 2 (IPsec SA) parameters for traffic between local 192.168.2.0/24 and remote 192.168.6.0/24, any protocol.
sainfo address 192.168.2.0/24 any address 192.168.6.0/24 any {
encryption_algorithm 3des;
# NOTE(review): HMAC-MD5 is a weak integrity algorithm; prefer hmac_sha1 or stronger where both ends allow it.
authentication_algorithm hmac_md5;
compression_algorithm deflate;
# PFS with DH group 2 (1024-bit MODP).
pfs_group 2;
lifetime time 86400 secs;
}
# Phase 1 (IKEv1 ISAKMP SA) settings for peer 207.198.250.254.
# This peer differs from the others: DH group 5 for phase 1 (and pfs_group 5 in its sainfo).
remote 207.198.250.254 {
exchange_mode main;
my_identifier address "24.190.174.211";
peers_identifier address 207.198.250.254;
initial_contact on;
support_proxy on;
# NOTE(review): "obey" accepts whatever the initiator proposes, lifetime included.
proposal_check obey;
proposal {
encryption_algorithm 3des;
# NOTE(review): MD5 is a weak IKE hash; prefer SHA-1 or stronger if the peer supports it.
hash_algorithm md5;
authentication_method pre_shared_key;
# Group 5 = 1536-bit MODP.
dh_group 5;
lifetime time 86400 secs;
}
lifetime time 86400 secs;
}
# Phase 2 (IPsec SA) parameters for traffic between local 192.168.2.0/24 and remote 172.16.0.0/16, any protocol.
sainfo address 192.168.2.0/24 any address 172.16.0.0/16 any {
# Several ciphers are offered here, presumably to accommodate the peer; the list order is the preference order.
# NOTE(review): because single "des" is in the list, the peer can select it when it initiates; drop it from the
# list unless the peer genuinely supports nothing stronger.
encryption_algorithm des,3des,blowfish,cast128,rijndael;
# NOTE(review): HMAC-MD5 is a weak integrity algorithm; prefer hmac_sha1 or stronger where both ends allow it.
authentication_algorithm hmac_md5;
compression_algorithm deflate;
# PFS with DH group 5 (1536-bit MODP), matching this peer's phase 1 dh_group.
pfs_group 5;
lifetime time 86400 secs;
} |