 From:  Dana Spiegel <dana at sociableDESIGN dot com>
 To:  'M0n0wall' <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC VPN problem on 1.1
 Date:  Wed, 25 Aug 2004 16:25:03 -0400
I'm having trouble getting a site to site vpn up and running. I've 
followed the instructions in the m0n0wall documentation for configuring 
the vpn, but I keep getting the following error on my soekris box error log:

racoon: ERROR: isakmp.c:861:isakmp_ph1begin_r(): couldn't find 
configuration.

My setup is a soekris box on a cable modem (Time warner cable in the US) 
connecting to a generic PC (cd-rom based m0n0wall) on a symmetric 
1.5mbps DSL line.

Here are the two racoon.conf files:

Generic PC CD-ROM
-----------------------------

path pre_shared_key "/var/etc/psk.txt";

remote 68.174.123.110 {
	exchange_mode aggressive;
	my_identifier address "216.220.101.74";
	peers_identifier address 68.174.123.110;
	initial_contact on;
	support_proxy on;
	proposal_check obey;

	proposal {
		encryption_algorithm blowfish;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 2;
		lifetime time 28800 secs;
	}
	lifetime time 28800 secs;
}

sainfo address 10.1.0.0/16 any address 10.0.0.0/24 any {
	encryption_algorithm blowfish;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
	lifetime time 86400 secs;
}



Soekris
------------

path pre_shared_key "/var/etc/psk.txt";

remote 216.220.96.17 {
	exchange_mode aggressive;
	my_identifier address "68.174.123.110";
	peers_identifier address 216.220.96.17;
	initial_contact on;
	support_proxy on;
	proposal_check obey;

	proposal {
		encryption_algorithm blowfish;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 2;
		lifetime time 28800 secs;
	}
	lifetime time 28800 secs;
}

sainfo address 10.0.0.0/24 any address 10.1.0.0/16 any {
	encryption_algorithm blowfish;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
	lifetime time 86400 secs;
}

They are mirror images of each other... so I can't figure out why the VPN 
won't connect... the psk.conf files are identical.

I've even tried "ping -S 10.0.0.1 -c4 10.1.0.10" (and the like) from 
both endpoints using exec.php, but the pings just time out...

Can someone help me out? I'm at my wits' end...
-- 

*D a n a   S p i e g e l*
*s o c i a b l e D E S I G N*  *::*  *www.sociableDESIGN.com 
<http://www.sociableDESIGN.com>*
123 Bank Street, Suite 510, New York, NY 10014
p  +1 917 402 0422  ::  e  dana at sociableDESIGN dot com 
<mailto:dana at sociableDESIGN dot com>
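
A check of the "mirror image" property for the two files, as an added example that is not part of the original message: it compares each side's my_identifier with the other side's remote and peers_identifier addresses, and the two sainfo network pairs. The embedded configs are trimmed copies of the ones posted above; the function names are this example's own.

```python
import re

# Trimmed copies of the two racoon.conf files posted above (checked fields only).
GENERIC_PC = """
remote 68.174.123.110 {
    my_identifier address "216.220.101.74";
    peers_identifier address 68.174.123.110;
}
sainfo address 10.1.0.0/16 any address 10.0.0.0/24 any { }
"""
SOEKRIS = """
remote 216.220.96.17 {
    my_identifier address "68.174.123.110";
    peers_identifier address 216.220.96.17;
}
sainfo address 10.0.0.0/24 any address 10.1.0.0/16 any { }
"""

def parse(conf):
    """Pull out the fields that have to mirror each other across the tunnel."""
    def one(pattern):
        m = re.search(pattern, conf, re.M)
        if m is None:
            raise ValueError("directive not found: " + pattern)
        return m.groups()
    addr = r'\s+address\s+"?([^";\s]+)"?\s*;'
    local_net, remote_net = one(
        r'^\s*sainfo\s+address\s+(\S+)\s+any\s+address\s+(\S+)\s+any')
    return {"remote": one(r'^\s*remote\s+(\S+)\s*\{')[0],
            "my_id": one(r'^\s*my_identifier' + addr)[0],
            "peer_id": one(r'^\s*peers_identifier' + addr)[0],
            "nets": (local_net, remote_net)}

def mirror_mismatches(sides):
    """sides: {name: conf text} for exactly two endpoints; returns findings."""
    (na, a), (nb, b) = ((n, parse(c)) for n, c in sides.items())
    out = []
    for xn, x, yn, y in ((na, a, nb, b), (nb, b, na, a)):
        for field in ("remote", "peer_id"):
            if x["my_id"] != y[field]:
                out.append(f"{xn} my_identifier {x['my_id']} != "
                           f"{yn} {field} {y[field]}")
    if a["nets"] != b["nets"][::-1]:
        out.append(f"sainfo networks not mirrored: {a['nets']} vs {b['nets']}")
    return out

if __name__ == "__main__":
    for line in mirror_mismatches({"Generic PC": GENERIC_PC, "Soekris": SOEKRIS}):
        print(line)
```

On the configs as posted, it reports that the Generic PC's my_identifier (216.220.101.74) differs from the address in the Soekris remote block and peers_identifier (216.220.96.17); the sainfo networks do mirror each other.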