On 6/6/05, Cristian Mitrana <[EMAIL PROTECTED]> wrote:
> Cosmin Codita wrote:
> > hi
> > has anyone tried (and succeeded with) ipsec with kame (on linux) with
> > windows clients and nat traversal?
> > if so, how...
> > don't give me "read & stuff"
> > it gives me the error: Expecting IP address type in main mode, but FQDN.
> >
>
>
> please give more details: racoon.conf, the SPD, and how exactly you are
> trying to connect with windows. Check whether windows supports NAT-T
> (there was a patch for some versions, XP knew it without patches), which
> version of windows do you have and how exactly are you configuring it?
>
> mitu
>
path certificate "/etc/racoon/certs" ;
path pre_shared_key "/etc/racoon/psk.txt";
listen
{
    # isakmp 192.168.3.254[500];
    # isakmp_natt 192.168.3.254[4500];
    strict_address;
}
padding
{
    maximum_length 20; # maximum padding length.
    randomize off; # enable randomize length.
    strict_check off; # enable strict check.
    exclusive_tail off; # extract last one octet.
}

remote anonymous
{
    exchange_mode main,base,aggressive;
    generate_policy on ;
    passive on ;
    # certificate_type x509 "GatewayA.pem" "GatewayA_key.pem" ;
    certificate_type x509 "CAcert.pem" "CAkey.pem";
    # verify_cert on;

    my_identifier asn1dn;
    peers_identifier asn1dn;
    nat_traversal on;
    verify_identifier off ;
    lifetime time 24 hour ;
    proposal_check obey;
    ike_frag on;
    proposal {
        encryption_algorithm 3des ;
        hash_algorithm sha1;
        #authentication_method pre_shared_key;
        authentication_method rsasig ;
        dh_group 2 ;
    }
}
sainfo anonymous
{
    pfs_group 2;
    lifetime time 12 hour ;
    encryption_algorithm 3des, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}
I tried both psk and certificates.
it gives about the same error.
in windows I configured it from the management console etc...
without nat-t it's ok.
the windows patch is installed (in theory).
racoon has nat-t support.
>
> ---
> Details about our mailing lists: http://www.lug.ro/