 
 From:  Lists <lists at ironcomet dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSec woes
 Date:  Sun, 24 Apr 2005 15:13:00 -0400
Hello all. I have read through all of the posts I could find in the 
archives and on Google about IPSec with Racoon.

I have two Monowalls running on Soekris boards. They both have DSLs with 
static IPs. The provider, BellSouth, does not filter IPSec or PPTP.

I am using 1.11 on both. I need a permanent tunnel between the two.

I am running both IPSec and PPTP at the same time. PPTP makes it easy to 
remotely administer the routers.

I have followed the guides to the letter and cannot get an IPSec tunnel.
I even started with a very basic connection changing very few defaults.

Here is the racoon.conf file of router 1 -
$ cat /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";

remote xxx.xxx.xxx.xxx {
     exchange_mode aggressive;
     my_identifier address "yyy.yyy.yyy.yyy";
     peers_identifier address xxx.xxx.xxx.xxx;
     initial_contact on;
     support_proxy on;
     proposal_check obey;

     proposal {
         encryption_algorithm 3des;
         hash_algorithm md5;
         authentication_method pre_shared_key;
         dh_group 2;
         lifetime time 28800 secs;
     }
     lifetime time 28800 secs;
}

sainfo address 192.168.1.0/24 any address 192.168.0.0/24 any {
     encryption_algorithm 3des,blowfish,cast128,rijndael;
     authentication_algorithm hmac_md5,hmac_sha1;
     compression_algorithm deflate;
     lifetime time 28800 secs;
}

Here is the output of router 2 -
$ cat /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";

remote yyy.yyy.yyy.yyy {
     exchange_mode aggressive;
     my_identifier address "xxx.xxx.xxx.xxx";
     peers_identifier address yyy.yyy.yyy.yyy;
     initial_contact on;
     support_proxy on;
     proposal_check obey;

     proposal {
         encryption_algorithm 3des;
         hash_algorithm md5;
         authentication_method pre_shared_key;
         dh_group 2;
         lifetime time 28800 secs;
     }
     lifetime time 28800 secs;
}

sainfo address 192.168.0.0/24 any address 192.168.1.0/24 any {
     encryption_algorithm 3des,blowfish,cast128,rijndael;
     authentication_algorithm hmac_md5,hmac_sha1;
     compression_algorithm deflate;
     lifetime time 28800 secs;
}


What am I overlooking? Any help here would be greatly appreciated.

thank you.
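The two racoon.conf files in the post are meant to be exact mirror images of each other, and most site-to-site failures with racoon come from a mirror that is slightly off: an identifier that does not equal the address the peer has in its remote block, a phase 1 proposal that differs in one algorithm, or sainfo selectors that are not swapped. The script below is an added example, not m0n0wall or racoon code and not from the original poster. It rebuilds both configs from the post's layout (the masked xxx/yyy addresses are replaced with the constructed stand-ins 203.0.113.1 for router 1 and 198.51.100.1 for router 2), parses them with a small brace-aware parser, and checks that the two sides agree before the tunnel is even attempted. It also flags the one security point a reviewer would raise about this config: aggressive mode with a pre-shared key.

```python
import re

# Constructed stand-ins for the masked addresses in the post (router 1 = yyy, router 2 = xxx).
ROUTER1_ADDR, ROUTER2_ADDR = "203.0.113.1", "198.51.100.1"


def racoon_conf(peer, me, local_net, remote_net, hash_alg="md5"):
    """Reproduce the post's racoon.conf layout for one side of the tunnel."""
    return f"""path pre_shared_key "/var/etc/psk.txt";

remote {peer} {{
    exchange_mode aggressive;
    my_identifier address "{me}";
    peers_identifier address {peer};
    initial_contact on;
    support_proxy on;
    proposal_check obey;

    proposal {{
        encryption_algorithm 3des;
        hash_algorithm {hash_alg};
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 secs;
    }}
    lifetime time 28800 secs;
}}

sainfo address {local_net} any address {remote_net} any {{
    encryption_algorithm 3des,blowfish,cast128,rijndael;
    authentication_algorithm hmac_md5,hmac_sha1;
    compression_algorithm deflate;
    lifetime time 28800 secs;
}}
"""


ROUTER1 = racoon_conf(ROUTER2_ADDR, ROUTER1_ADDR, "192.168.1.0/24", "192.168.0.0/24")
ROUTER2 = racoon_conf(ROUTER1_ADDR, ROUTER2_ADDR, "192.168.0.0/24", "192.168.1.0/24")


def parse_racoon(text):
    """Minimal brace-aware parser: 'remote' blocks keyed by peer address, 'sainfo' as a list."""
    root = {"remote": {}, "sainfo": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        head = re.match(r"^(\w+)\s*(.*?)\s*\{$", line)
        if head:
            kind, arg, block = head.group(1), head.group(2), {}
            if kind == "remote":
                root["remote"][arg] = block
            elif kind == "sainfo":
                parts = arg.split()                    # address <local> any address <remote> any
                block["local"], block["remote"] = parts[1], parts[4]
                root["sainfo"].append(block)
            else:                                      # proposal (or any other nested block)
                stack[-1][kind] = block
            stack.append(block)
        elif line == "}":
            stack.pop()
        else:
            kv = re.match(r"^(\w+)\s+(.*?);$", line)
            if kv:
                stack[-1][kv.group(1)] = kv.group(2).replace('"', "")
    return root


def audit(text_a, text_b, addr_a, addr_b):
    """Return (errors, warnings): errors will stop the tunnel, warnings are security concerns."""
    errors, warnings = [], []
    a, b = parse_racoon(text_a), parse_racoon(text_b)
    ra, rb = a["remote"].get(addr_b), b["remote"].get(addr_a)
    if ra is None or rb is None:
        return ["one side has no remote block for the other's address"], warnings

    def last(block, key):                              # 'address 203.0.113.1' -> '203.0.113.1'
        return block[key].split()[-1] if block.get(key) else ""

    # Phase 1 identities: my_identifier must equal my own address and the peer's peers_identifier.
    for me, peer, my_addr, name in ((ra, rb, addr_a, "router 1"), (rb, ra, addr_b, "router 2")):
        if last(me, "my_identifier") != my_addr or last(peer, "peers_identifier") != my_addr:
            errors.append(f"identifier mismatch for {name} ({my_addr})")
    # Phase 1 proposal: racoon will not negotiate if any of these differ between the peers.
    pa, pb = ra.get("proposal", {}), rb.get("proposal", {})
    for key in ("encryption_algorithm", "hash_algorithm", "dh_group", "authentication_method"):
        if pa.get(key) != pb.get(key):
            errors.append(f"phase 1 {key}: {pa.get(key)} vs {pb.get(key)}")
    if ra.get("exchange_mode") != rb.get("exchange_mode"):
        errors.append("exchange_mode differs between the peers")
    if ra.get("exchange_mode") == "aggressive" and pa.get("authentication_method") == "pre_shared_key":
        warnings.append("aggressive mode with PSK sends the PSK-derived hash unencrypted; "
                        "a passive observer can brute-force the PSK offline. Prefer main mode.")
    # Phase 2: at least one sainfo on each side must be the mirror image of one on the other.
    pairs = [(sa, sb) for sa in a["sainfo"] for sb in b["sainfo"]
             if sa["local"] == sb["remote"] and sa["remote"] == sb["local"]]
    if not pairs:
        errors.append("no mirrored sainfo selector pair (local/remote networks must be swapped)")
    for sa, sb in pairs:
        for key in ("encryption_algorithm", "authentication_algorithm"):
            if not set(sa.get(key, "").split(",")) & set(sb.get(key, "").split(",")):
                errors.append(f"phase 2 {key}: no algorithm in common")
    return errors, warnings


if __name__ == "__main__":
    for label, cfg_b in (("as posted", ROUTER2),
                         ("broken mirror", racoon_conf(ROUTER1_ADDR, ROUTER2_ADDR,
                                                       "192.168.0.0/24", "192.168.2.0/24", "sha1"))):
        errs, warns = audit(ROUTER1, cfg_b, ROUTER1_ADDR, ROUTER2_ADDR)
        print(label, "errors:", errs, "warnings:", warns)
```

Run against the two configs as posted, the audit reports no structural error and one warning (aggressive mode with a pre-shared key), so if the tunnel still does not come up the cause lies outside these two files: the contents of psk.txt on each side (the PSK must be keyed by the peer's address as written here), the WAN firewall rules for UDP 500 and ESP, or racoon's own log output rather than the configuration text. The "broken mirror" case shows what the checks catch when one side's sainfo or hash algorithm drifts.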