Tom,

One issue with IPsec in 0.6.x is the AstLinux pre-shared-key has
double-quotes added to the text; this has been fixed in trunk/0.7.
Not a problem when connecting two AstLinux boxes, but would be in your
case.

On your PIX, if you can surround your key with double-quotes you will  
have a better chance.

In the near future, trunk/0.7 has improved IPsec interoperability,  
more IPsec options, and a better ipsec-vpn firewall plugin.

Lonnie


On Sep 14, 2009, at 6:55 PM, Tom Mazzotta wrote:

> I'm running astlinux-0.6.7 (Asterisk 1.4.26) on a Soekris net 5501  
> and I am trying to set up a gateway-to-gateway VPN with a Cisco PIX
> device. Both devices have external interfaces on the internet  
> (static IP for PIX and dynamic for soekris). The PIX is configured  
> with a pre-shared key, 3DES encryption, MD5 Hash, group 2, lifetime  
> 86400, and the ip range/mask of the LAN segment on the soekris. In  
> astlinux, I've enabled the racoon-ipsec-vpn plugin, checked "IPsec"  
> under VPN Type and on the IPsec config page I have defined the  
> appropriate addressing info, w/ a 3DES/MD5 profile, the same PSK,  
> NAT "off", and a log level of debug. The following is the log info I  
> see on the status page after restarting IPsec:
>
> Sep 14 19:51:34 pbx daemon.info racoon: INFO: racoon shutdown
> Sep 14 19:51:34 pbx user.info firewall: ** Restarting Arno's Iptables Firewall v1.8.8n **
> Sep 14 19:51:40 pbx user.info firewall: ** All firewall rules applied **
> Sep 14 19:51:41 pbx daemon.info racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
> Sep 14 19:51:41 pbx daemon.info racoon: INFO: @(#)This product linked OpenSSL 0.9.7m 23 Feb 2007 (http://www.openssl.org/)
> Sep 14 19:51:41 pbx daemon.info racoon: INFO: Reading configuration from "/tmp/etc/racoon.conf"
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo params: loc='192.168.168.0/24', rmt='192.168.2.0/24', peer='NULL', id=0
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: getsainfo pass #2
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: open /var/racoon/racoon.sock as racoon management.
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 192.168.168.1 (br0)
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 192.168.169.1 (eth3)
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 69.114.2.42 (eth0)
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: my interface: 127.0.0.1 (lo)
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: configuring default isakmp port.
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: 4 addrs are configured successfully
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=8)
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 127.0.0.1[500] used for NAT-T
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used as isakmp port (fd=9)
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 69.114.2.42[500] used for NAT-T
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.169.1[500] used as isakmp port (fd=10)
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.169.1[500] used for NAT-T
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used as isakmp port (fd=11)
> Sep 14 19:51:42 pbx daemon.info racoon: INFO: 192.168.168.1[500] used for NAT-T
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pk_recv: retry[0] recv()
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: get pfkey X_SPDDUMP message
> Sep 14 19:51:42 pbx daemon.debug racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
>
> A ping test from an SSH session on the soekris box to a host on the  
> remote network fails. Any idea what I am doing wrong?
>
> Tom Mazzotta, President | TITAN MICROSYSTEMS
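
An added example, not part of the original thread and not AstLinux or ipsec-tools code: a small audit of a racoon psk.txt-style file that flags keys stored with literal double-quotes, the mismatch described in the reply above. It assumes racoon's usual "<peer-id> <key>" line layout with '#' comments and "0x" hex keys, and that stored quotes become part of the key; the sample entries are constructed.

```python
# Added example (not AstLinux or ipsec-tools code). Assumption: racoon's
# psk.txt layout is "<peer-id> <key>" per line, '#' starts a comment, and a
# key beginning with "0x" is hex. Quotes in the key field are key bytes.
import binascii


def effective_key(raw):
    """Return the key bytes that would be used for the raw key field."""
    if raw[:2].lower() == "0x":
        return binascii.unhexlify(raw[2:])
    return raw.encode()  # any surrounding quotes stay in the key


def audit_psk(text):
    """Return (peer, key_bytes, quoted) for each entry in psk.txt-style text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # identifier with no key: nothing to compare
        peer, raw = parts[0], parts[1].strip()
        quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        findings.append((peer, effective_key(raw), quoted))
    return findings


# Constructed sample entries (documentation addresses, made-up keys).
SAMPLE = '''\
# constructed sample, not from the thread
192.0.2.10  "ExampleKey123"
192.0.2.20  ExampleKey123
192.0.2.30  0x4578616d706c65
'''


def report(text=SAMPLE):
    """Summarise each entry without echoing the key material itself."""
    lines = []
    for peer, key, quoted in audit_psk(text):
        note = "literal quotes are part of the key" if quoted else "ok"
        lines.append(f"{peer}: {len(key)} key bytes, {note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

An entry flagged as quoted means the other gateway has to be configured with the same quote characters in its key, or the stored key has to be rewritten without them on both ends.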

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
