I have been running 1.2-BETA-2 since early last week and all seems
great. I just upgraded two test boxes (with pre-configured & working
IPSec tunnels) to the latest 1.2-BETA-2 SNAP and it severely broke
IPSec.

racoon.conf:

path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
remote 63.63.63.63{
    exchange_mode main;
    my_identifier address "63.63.63.64";
    peers_identifier address 63.63.63.63;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm rijndael 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 5;
        lifetime time 28800 secs;
    }
    lifetime time 28800 secs;
}
sainfo address 192.168.168.0/24 any address 10.10.10.0/24any {
    encryption_algorithm rijndael 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 5;
    lifetime time 3600 secs;
}

I have recently switched my test tunnels to rijndael 256 w/ SHA1
.... everything works great when I downgraded back to the original
1.2-BETA-2.