Good Evening all,
I am currently working on a debian spoke to Cisco hub DMVPN solution.
The initial ISAKMP phase goes well and a proposal is agreed, the
opennhrp-script then runs on to the next line and calls:
"racoonctl establish-sa -w esp inet <local interface ip> <remote interface ip> gre"
and immediately after running this I get:
"racoon: NOTIFY: no outbound policy found: <local interface ip>/32[0] <remote interface ip>/32[0] proto=47 dir=out"
setkey -DP shows:
-----------------------
0.0.0.0 0.0.0.0 gre
    fwd prio def ipsec
    esp/transport//require
    created: Jan 1 00:54:11 2000 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=3098 seq=53 pid=4206
    refcnt=1
0.0.0.0 0.0.0.0 gre
    in prio def ipsec
    esp/transport//require
    created: Jan 1 00:54:11 2000 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=3088 seq=54 pid=4206
    refcnt=1
0.0.0.0 0.0.0.0 gre
    out prio def ipsec
    esp/transport//require
    created: Jan 1 00:54:11 2000 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=3081 seq=0 pid=4206
    refcnt=1
----------------------------
Immediately after the above error, opennhrp quite rightly reports that the
peer up script has failed with:
"opennhrp[3924]: [<gre remote endpoint ip>] Peer up script failed: exitstatus 1"
I'm new to OpenNHRP and Racoon, and I am obviously doing something wrong
but I cannot figure it out and would appreciate some help. At the moment I
am just attempting to get a very simple test system up, but to me it looks
like the policies are in place so I am a bit confused about the error
message.
----------------
Additional info:
------racoon.conf---------
path include "<local path>";
path pre_shared_key "<psk file>";

listen {
    adminsock "/var/racoon/racoon.sock" "root" "operator" 0660;
}

remote anonymous
{
    exchange_mode main;
    lifetime time 24 hour;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method pre_shared_key;
        # dh_group 1 is the 768-bit MODP group; group 14 (2048-bit) is the
        # usual minimum today, and the Cisco side must offer the same group.
        dh_group 1;
    }
}

sainfo anonymous
{
    lifetime time 24 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
-----end racoon.conf-----
------opennhrp.conf------
interface gre1
    map <gre remote endpoint ip>/24 <remote interface ip> register cisco
    cisco-authentication 1234
    shortcut
    redirect
    non-caching
interface lo
    shortcut-destination
------end opennhrp.conf-------
------------------------
All help is greatly appreciated,
Best Regards,
Chris.
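An added example for readers hitting the same NOTIFY, not part of Chris's post and not code from the OpenNHRP or racoon projects: it parses `setkey -DP` output and checks whether the SPD holds an `ipsec` policy covering the flow racoon names in its message (`<src>/32[0] <dst>/32[0] proto=47 dir=out`), then checks the reverse flow for `dir=in` and renders the host-specific `spdadd` statements for comparison with what is loaded. Both SPD texts and the 192.0.2.0/24 addresses are constructed sample data; the rule that a bare address with no `/len` is a single host is this example's assumption, since `setkey` normally prints the prefix length.

```python
"""Check an SPD dump from `setkey -DP` for a policy covering a GRE flow.

Added example (not from the original post).  Sample SPD text below is
constructed in setkey's layout, not copied from a live system.
"""
import ipaddress
import re

PROTO_NUMBERS = {"any": 0, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}
# "<addr>[/len][[port]]" as printed by setkey, e.g. "10.0.0.1/32[any]"
ADDR_RE = re.compile(r"^(?P<addr>.+?)(?:/(?P<plen>\d+))?(?:\[(?P<port>[^\]]*)\])?$")


def parse_selector(token):
    """'192.0.2.10/32[any]' -> ip_network('192.0.2.10/32').
    Assumption: a bare address without /len is treated as one host."""
    m = ADDR_RE.match(token)
    addr = ipaddress.ip_address(m.group("addr"))
    plen = m.group("plen") or addr.max_prefixlen
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def parse_spd(text):
    """Return one dict per SPD entry: src, dst, proto number, dir, action, require list."""
    entries, cur = [], None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        # Header line of an entry: "<src> <dst> <proto>"
        if len(tokens) == 3 and (tokens[2] in PROTO_NUMBERS or tokens[2].isdigit()):
            proto = PROTO_NUMBERS[tokens[2]] if tokens[2] in PROTO_NUMBERS else int(tokens[2])
            cur = {"src": parse_selector(tokens[0]), "dst": parse_selector(tokens[1]),
                   "proto": proto, "dir": None, "action": None, "require": []}
            entries.append(cur)
        elif cur is None:
            continue
        # Direction/action line: "out prio def ipsec" (older setkey prints "out ipsec")
        elif tokens[0] in ("in", "out", "fwd") and tokens[-1] in ("ipsec", "discard", "none"):
            cur["dir"], cur["action"] = tokens[0], tokens[-1]
        # Requirement line: "esp/transport//require"
        elif tokens[0].split("/")[0] in ("esp", "ah", "ipcomp"):
            cur["require"].append(tokens[0])
    return entries


def covers(entry, src, dst, proto, direction):
    """True if the entry selects src->dst with this protocol in this direction."""
    return (entry["dir"] == direction
            and entry["action"] == "ipsec"
            and entry["proto"] in (0, proto)          # 0 == "any"
            and ipaddress.ip_address(src) in entry["src"]
            and ipaddress.ip_address(dst) in entry["dst"])


def find_policy(spd_text, src, dst, proto=47, direction="out"):
    """First matching entry, or None (the situation racoon reports as
    'no outbound policy found' when direction is 'out')."""
    for entry in parse_spd(spd_text):
        if covers(entry, src, dst, proto, direction):
            return entry
    return None


def missing_directions(spd_text, local, remote, proto=47):
    """Directions lacking an 'ipsec' policy for the local<->remote flow.
    Inbound is checked with the endpoints swapped, as it selects the reverse flow."""
    missing = []
    if find_policy(spd_text, local, remote, proto, "out") is None:
        missing.append("out")
    if find_policy(spd_text, remote, local, proto, "in") is None:
        missing.append("in")
    return missing


def spdadd_statements(local, remote, proto="gre", require="esp/transport//require"):
    """Host-specific setkey(8) spdadd statements for the flow, to compare
    against what is loaded (the post's SPD uses 0.0.0.0 wildcards instead)."""
    plen = ipaddress.ip_address(local).max_prefixlen
    return [f"spdadd {local}/{plen} {remote}/{plen} {proto} -P out ipsec {require};",
            f"spdadd {remote}/{plen} {local}/{plen} {proto} -P in ipsec {require};"]


# Constructed sample, modelled on the post's wildcard "any -> any gre" policies.
WILDCARD_SPD = """\
0.0.0.0/0[any] 0.0.0.0/0[any] gre
    in prio def ipsec
    esp/transport//require
    created: Jan  1 00:54:11 2000  lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=3088 seq=54 pid=4206
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] gre
    out prio def ipsec
    esp/transport//require
    spid=3081 seq=0 pid=4206
    refcnt=1
"""

# Constructed sample where the only policy is for a different peer (192.0.2.99).
OTHER_PEER_SPD = """\
192.0.2.10/32[any] 192.0.2.99/32[any] gre
    out prio def ipsec
    esp/transport//require
    spid=1 seq=0 pid=1
    refcnt=1
"""

if __name__ == "__main__":
    for name, spd in (("wildcard", WILDCARD_SPD), ("other peer", OTHER_PEER_SPD)):
        print(name, "missing:", missing_directions(spd, "192.0.2.10", "192.0.2.20"))
    print("\n".join(spdadd_statements("192.0.2.10", "192.0.2.20")))
```

On a live box, feed it the real dump with `find_policy(subprocess.check_output(["setkey", "-DP"], text=True), local, remote)` and compare the endpoints with the ones the `racoonctl establish-sa` line passes; a `None` result for `dir=out` is exactly the condition behind the NOTIFY in the post.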
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel