I'm running astlinux-0.6.7 (Asterisk 1.4.26) on a Soekris net 5501 and I am trying to set up a gateway-to-gateway VPN with a Cisco PIX device. Both devices have external interfaces on the internet (static IP for PIX and dynamic for Soekris). The PIX is configured with a pre-shared key, 3DES encryption, MD5 hash, group 2, lifetime 86400, and the IP range/mask of the LAN segment on the Soekris. In astlinux, I've enabled the racoon-ipsec-vpn plugin, checked "IPsec" under VPN Type and on the IPsec config page I have defined the appropriate addressing info, w/ a 3DES/MD5 profile, the same PSK, NAT "off", and a log level of debug. The following is the log info I see on the status page after restarting IPsec:

Sep 14 19:51:34 pbx daemon.info racoon: INFO: racoon shutdown
Sep 14 19:51:34 pbx user.info firewall: ** Restarting Arno's Iptables Firewall v1.8.8n **
Sep 14 19:51:40 pbx user.info firewall: ** All firewall rules applied **
Sep 14 19:51:41 pbx daemon.info racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
Sep 14 19:51:41 pbx daemon.info racoon: INFO: @(#)This product linked OpenSSL 0.9.7m 23 Feb 2007 (http://www.openssl.org/)
Sep 14 19:51:41 pbx daemon.info racoon: INFO: Reading configuration from "/tmp/etc/racoon.conf"
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo params: loc='192.168.168.0/24', rmt='192.168.2.0/24', peer='NULL', id=0
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo pass #2
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: open /var/racoon/racoon.sock as racoon management.
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 192.168.168.1 (br0)
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 192.168.169.1 (eth3)
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 69.114.2.42 (eth0)
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 127.0.0.1 (lo)
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: configuring default isakmp port.
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: 4 addrs are configured successfully
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=8)
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 127.0.0.1[500] used for NAT-T
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used as isakmp port (fd=9)
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used for NAT-T
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.169.1[500] used as isakmp port (fd=10)
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.169.1[500] used for NAT-T
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used as isakmp port (fd=11)
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used for NAT-T
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pk_recv: retry[0] recv()
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: get pfkey X_SPDDUMP message
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory

A ping test from an SSH session on the Soekris box to a host on the remote network fails. Any idea what I am doing wrong?

Tom Mazzotta, President | TITAN MICROSYSTEMS
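
Added example, not part of the original post or of AstLinux: a short Python triage of the racoon lines quoted above, listing the sockets racoon bound, the sainfo selectors it loaded, and whether any IKE negotiation was logged. The function name `triage` and the marker strings are assumptions (the markers follow the wording ipsec-tools normally logs); the sample lines are copied from the post.

```python
import re

# Subset of the racoon lines quoted in the post above.
SAMPLE = """\
Sep 14 19:51:41 pbx daemon.info racoon: INFO: Reading configuration from "/tmp/etc/racoon.conf"
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo params: loc='192.168.168.0/24', rmt='192.168.2.0/24', peer='NULL', id=0
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used as isakmp port (fd=9)
Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used as isakmp port (fd=11)
Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\S+) racoon: (\w+): (.*)$")
LISTEN = re.compile(r"^(\S+)\[(\d+)\] used as isakmp port")
SAINFO = re.compile(r"getsainfo params: loc='([^']*)', rmt='([^']*)'")
# Assumed wording of the messages racoon logs once IKE traffic starts.
MARKERS = {
    "phase1_started": ("initiate new phase 1 negotiation",
                       "respond new phase 1 negotiation"),
    "phase1_done": ("ISAKMP-SA established",),
    "phase2_done": ("IPsec-SA established",),
}

def triage(text):
    """Summarise a racoon syslog excerpt: startup state vs. negotiation progress."""
    out = {"listeners": [], "selectors": [], "errors": [],
           "phase1_started": False, "phase1_done": False, "phase2_done": False}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a racoon line (e.g. firewall messages)
        level, msg = m.group(4), m.group(5)
        if (hit := LISTEN.match(msg)):
            out["listeners"].append((hit.group(1), int(hit.group(2))))
        elif (hit := SAINFO.search(msg)):
            out["selectors"].append((hit.group(1), hit.group(2)))
        if level == "ERROR" or "failed" in msg:
            out["errors"].append(msg)
        for key, needles in MARKERS.items():
            if any(n in msg for n in needles):
                out[key] = True
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On this excerpt the summary shows bound listeners and one loaded selector pair but no phase 1 or phase 2 markers, so the quoted log covers daemon startup only.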