[EMAIL PROTECTED] (Andreas Vögele) writes:

> Tom Menari writes:
>
>> Can anyone recommend a client configuration for IPsec from a roaming
>> Linux machine that works with OpenBSD's ipsecctl?
>> 
>> I have tried Openswan and racoon and both have their problems.
>> Currently using X509 certificates but if anyone has public keys
>> working that would be good too.
>
> I've got an OpenBSD road warrior that connects to a Debian server
> running racoon.  So far I haven't connected a Linux road warrior to an
> OpenBSD machine but the following setup might work. [...]

I've just tried to use the setup that I described and it doesn't work.

You ought to add "nat_traversal on" to the remote section of the
racoon configuration.

I also forgot to mention that you have to specify policies on the
Linux side.  On Debian the policies may be set statically in
/etc/ipsec-tools.conf but in a road warrior setup you probably have to
run setkey from a dhclient script.

But now isakmpd outputs the error message "ike_phase_1_recv_ID:
received remote ID other than expected foo.example.org" although
"my_identifier fqdn" is used on the Linux side.  Unfortunately,
isakmpd doesn't tell me what type of remote ID it got.  The debug
output on the Linux side is even more useless.

I'm giving up.  If I were you I'd use OpenVPN, which can be set up in
a few minutes without getting a headache.
