>> When pinging the remote local network (192.168.50.x) I get this:
>> [EMAIL PROTECTED]:~> ping 192.168.50.4
>> connect: No such process
>> [EMAIL PROTECTED]:~>

>Can you increase the debug level of racoon?

When I increase the debug level of racoon it sets itself back to 0. I
tried the general debug setting. I found the logfile which shows this:

2005-08-09 21:37:29: INFO: @(#)ipsec-tools 0.5 (http://ipsec-tools.sourceforge.net)
2005-08-09 21:37:29: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
2005-08-09 21:37:29: INFO: unsupported PF_KEY message REGISTER
2005-08-09 21:37:29: INFO: unsupported PF_KEY message REGISTER
2005-08-09 21:37:29: INFO: unsupported PF_KEY message REGISTER
2005-08-09 21:37:29: ERROR: /root/.kde/share/apps/kvpnc/racoon.NXS.conf:9: "d" syntax error
2005-08-09 21:37:29: ERROR: fatal parse failure (1 errors)

The conf file:
path pre_shared_key "/root/.kde/share/apps/kvpnc/psk.NXS.key";

remote 217.115.198.249 {
  exchange_mode main;
  proposal {
    encryption_algorithm 3des;
    hash_algorithm md5;
    authentication_method pre_shared_key;
    dh_group dh2;   <---- this line causes the error
  }
}

sainfo address 192.168.20.3 any address 192.168.50.0/24 any {
  pfs_group modp768;
  encryption_algorithm 3des;
  authentication_algorithm hmac_md5;
  compression_algorithm deflate;
}

I turned IKE dh group off in my profile. Then the logfile looks ok:
2005-08-09 22:06:48: INFO: @(#)ipsec-tools 0.5 (http://ipsec-tools.sourceforge.net)
2005-08-09 22:06:48: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
2005-08-09 22:06:48: INFO: 127.0.0.1[500] used as isakmp port (fd=5)
2005-08-09 22:06:48: INFO: 127.0.0.1[500] used for NAT-T
2005-08-09 22:06:48: INFO: 192.168.20.3[500] used as isakmp port (fd=6)
2005-08-09 22:06:48: INFO: 192.168.20.3[500] used for NAT-T
2005-08-09 22:06:48: INFO: ::1[500] used as isakmp port (fd=7)
2005-08-09 22:06:48: INFO: fe80::20c:6eff:fef8:ed08%eth0[500] used as isakmp port (fd=8)

Now I get this:
[EMAIL PROTECTED]:~> ping 192.168.50.4
connect: Resource temporarily unavailable


thanks,
Anne
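
An added example, not part of the original message and not kvpnc or ipsec-tools code: a small checker that compares every dh_group and pfs_group value in a racoon configuration against the group names and numbers listed in racoon.conf(5), and reports the line number so it can be matched to the line in racoon's parse error. The function name and the embedded copy of the configuration are constructed for illustration; a given ipsec-tools release may accept only a subset of the listed groups.

```python
import re

# Group names and numbers listed in racoon.conf(5) for dh_group / pfs_group.
# Assumption: older ipsec-tools builds may accept only a subset of these.
VALID_GROUPS = {
    "modp768", "modp1024", "modp1536", "modp2048", "modp3072",
    "modp4096", "modp6144", "modp8192",
    "1", "2", "5", "14", "15", "16", "17", "18",
}
DIRECTIVE = re.compile(r"^\s*(dh_group|pfs_group)\s+([^;\s]+)\s*;")


def check_groups(conf_text):
    """Return (line_number, directive, value) for each unrecognised group."""
    problems = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # ignore trailing comments
        match = DIRECTIVE.match(line)
        if match and match.group(2) not in VALID_GROUPS:
            problems.append((lineno, match.group(1), match.group(2)))
    return problems


# Constructed sample: the configuration from the message, without the
# arrow annotation, so line numbers match the racoon log.
SAMPLE = """\
path pre_shared_key "/root/.kde/share/apps/kvpnc/psk.NXS.key";

remote 217.115.198.249 {
  exchange_mode main;
  proposal {
    encryption_algorithm 3des;
    hash_algorithm md5;
    authentication_method pre_shared_key;
    dh_group dh2;
  }
}

sainfo address 192.168.20.3 any address 192.168.50.0/24 any {
  pfs_group modp768;
}
"""

if __name__ == "__main__":
    for lineno, directive, value in check_groups(SAMPLE):
        print(f"line {lineno}: {directive} {value!r} is not a listed group")
```
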








