package: racoon
version: 1:0.6.7-1.1
I have set up VPN between two debian-unstable machines, using
racoon-tool, with following config:
peer(%default):
verify_identifier: on
hash_algorithm[0]: sha1
encryption_algorithm[0]: aes
connection(%default):
src_ip: 212.179.137.34
connection(CM-arieh):
dst_ip: 62.219.196.66
admin_status: enabled
peer(62.219.196.66):
peers_identifier: address
When I ping the peer (62.219.196.66), I get following errors:
...
Nov 14 22:16:46 rebel racoon: DEBUG: hmac(hmac_sha1)
Nov 14 22:16:46 rebel racoon: DEBUG: HASH computed:
Nov 14 22:16:46 rebel racoon: DEBUG: 1c79ed22 ffb9b18f e4bbb005
ac706658 f8073ff3
Nov 14 22:16:46 rebel racoon: ERROR: failed to get sainfo.
Nov 14 22:16:46 rebel racoon: ERROR: failed to get sainfo.
Nov 14 22:16:46 rebel racoon: ERROR: failed to pre-process packet.
There are many HOWTOs on internet, that say that the above
configuration should work:
http://www.gir.me.uk/computers/debian_vpn.html
http://www.neowin.net/forum/lofiversion/index.php/t396262.html
http://www.cyberdogsecurity.net/firewalls/tutorial.php?page=ipsec
After I modified the racoon-tool to add following section to
/var/lib/racoon/racoon.conf, everything worked:
sainfo anonymous {
lifetime time 60 min;
encryption_algorithm aes,3des ;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate ;
}
I don't know why it helped though.
--
Arieh
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
