Hello all. I have read through all of the posts I could find in the
archives and on Google about IPSec with Racoon.
I have two Monowalls running on Soekris boards. They both have DSLs with
static IPs. The provider, BellSouth, does not filter IPSec or PPTP.
I am using 1.11 on both. I need a permanent tunnel between the two.
I am running both IPSec and PPTP at the same time. PPTP makes it easy to
remotely administer the routers.
I have followed the guides to the letter and cannot get an IPSec tunnel.
I even started with a very basic connection changing very few defaults.
Here is the racoon.conf file of router 1 -
$ cat /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";
remote xxx.xxx.xxx.xxx {
    exchange_mode aggressive;
    my_identifier address "yyy.yyy.yyy.yyy";
    peers_identifier address xxx.xxx.xxx.xxx;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 secs;
    }
    lifetime time 28800 secs;
}
sainfo address 192.168.1.0/24 any address 192.168.0.0/24 any {
    encryption_algorithm 3des,blowfish,cast128,rijndael;
    authentication_algorithm hmac_md5,hmac_sha1;
    compression_algorithm deflate;
    lifetime time 28800 secs;
}
Here is the output of router 2 -
$ cat /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";
remote yyy.yyy.yyy.yyy {
    exchange_mode aggressive;
    my_identifier address "xxx.xxx.xxx.xxx";
    peers_identifier address yyy.yyy.yyy.yyy;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 secs;
    }
    lifetime time 28800 secs;
}
sainfo address 192.168.0.0/24 any address 192.168.1.0/24 any {
    encryption_algorithm 3des,blowfish,cast128,rijndael;
    authentication_algorithm hmac_md5,hmac_sha1;
    compression_algorithm deflate;
    lifetime time 28800 secs;
}
What am I overlooking? Any help here would be greatly appreciated.
Thank you.