Thanks Graham,

On Saturday 16 May 2009, Graham Murray wrote:
> Here are some samples.
>
> /etc/racoon/racoon.conf
> /etc/racoon/psk.txt
> /etc/ipsec.conf

Do I need a /etc/setkey.conf file? How do I create it?

When I run '/etc/init.d/racoon start' this is what I get:
===========================================
# /etc/init.d/racoon --verbose restart
 * Loading ipsec policies from /etc/ipsec.conf.
 * Starting racoon ...
/usr/sbin/racoon: invalid option -- '4'
usage: racoon [-BdFv] [-a (port)] [-f (file)] [-l (file)] [-p (port)]
   -B: install SA to the kernel from the file specified by the configuration file.
   -d: debug level, more -d will generate more debug message.
   -C: dump parsed config file.
   -L: include location in debug messages
   -F: run in foreground, do not become daemon.
   -v: be more verbose
   -a: port number for admin port.
   -f: pathname for configuration file.
   -l: pathname for log file.
   -p: port number for isakmp (default: 500).
   -P: port number for NAT-T (default: 4500).
                                                                  [ !! ]
===========================================

I am not sure I am doing this right. The remote router's LAN is 10.10.10.0/24. This is the same as my local LAN's subnet. My local LAN IP is 10.10.10.5. The remote router is giving (or is it expecting?) addresses for clients in the 172.16.1.0/24 subnet. How should I configure the /etc/ipsec.conf file?

--
Regards,
Mick