Hi!
My goal is for roadwarrior clients to be able to connect to a VPN server
over IPsec. For now Windows machines, but later other OSes
(SOHO ZyXEL routers).
I tried based on this: http://www.howtoforge.com/racoon_roadwarrior_vpn
Unfortunately I have no Linux client, so I can't test with that.
The downloadable Windows client is already a bit different, but I tried
to configure it similarly to what is shown there, but it doesn't work.
On the Linux side this is in the log, not very talkative:
Sep 17 20:17:57 vpn racoon: INFO: respond new phase 1 negotiation: x.x.x.x[500]<=>y.y.y.y[62635]
Sep 17 20:17:57 vpn racoon: INFO: begin Aggressive mode.
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: RFC 3947
Sep 17 20:17:57 vpn racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: DPD
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: CISCO-UNITY
Sep 17 20:18:32 vpn racoon: ERROR: phase1 negotiation failed due to time up. bbda92525c4d15fd:fe1eedf5ad2bd98b
Sep 17 20:18:57 vpn racoon: ERROR: phase1 negotiation failed due to time up. 340af47a86205990:3388ceda4d3a1923
What am I messing up, or what should I do? Has anyone done this more successfully?
Or if not with this, with openswan?
Ubuntu 8.04
Thanks,
tompos
racoon.conf:
path certificate "/etc/openvpn/keys";
listen {
    adminsock disabled;
}
remote anonymous {
    exchange_mode aggressive,main;
    certificate_type x509 "server.crt" "server.key";
    #claiming the options requested by other peer
    proposal_check claim;
    generate_policy on;
    verify_cert off;
    nat_traversal off;
    dpd_delay 20;
    ike_frag on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm md5;
        authentication_method hybrid_rsa_server;
        dh_group 2;
    }
}
mode_cfg {
    network4 172.16.0.10;
    pool_size 20;
    netmask4 255.255.255.0;
    auth_source system;
    conf_source local;
    dns4 172.16.0.1;
    wins4 172.16.0.1;
    banner "/etc/racoon/motd";
}
sainfo anonymous {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
_________________________________________________
linux lista - [email protected]
http://mlf2.linux.rulez.org/mailman/listinfo/linux