I noticed that it only works if I start the negotiation on the other side.
My ipsec vpn is not autonegotiating automatically for some reason I can't figure out.
The last message I get in the logs is still the same: "racoon: INFO: unsupported PF_KEY message REGISTER". Isn't it supposed to at least try to start the connection?

# /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

remote 189.169.120.7 {
    exchange_mode main;
    my_identifier address "189.203.125.24";
    peers_identifier address 189.169.120.7;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 14400 secs;
    }
    lifetime time 14400 secs;
}

sainfo address 189.203.125.24/32 any address 189.169.114.1/32 any {
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 2;
    lifetime time 28800 secs;
}

Gary Buckmaster wrote:
Sounds like you have the two different ends of your tunnel
configured differently. Double check both configurations and make sure
they match exactly.
Fabio C Flores wrote:
Hi there, I'm trying to set up a site-to-site ipsec VPN. When I start the service I get "unsupported PF_KEY message REGISTER". I tried the forum but couldn't find any clues or solution. I'm not sure if it's a known issue.

Apr 7 11:11:34 racoon: INFO: unsupported PF_KEY message REGISTER
Apr 7 11:11:34 racoon: *[Self]*: INFO: 10.0.2.1[500] used as isakmp port (fd=28)
Apr 7 11:11:34 racoon: INFO: fe80::215:17ff:fe51:4a16%em0[500] used as isakmp port (fd=27)
Apr 7 11:11:34 racoon: *[Self]*: INFO: xxx.xxx.xxx.xx[500] used as isakmp port (fd=26)
Apr 7 11:11:34 racoon: INFO: fe80::215:17ff:fe51:4a17%em1[500] used as isakmp port (fd=25)
Apr 7 11:11:34 racoon: *[Self]*: INFO: 10.1.0.1[500] used as isakmp port (fd=24)
Apr 7 11:11:34 racoon: INFO: fe80::21c:23ff:fee1:f7d1%bge0[500] used as isakmp port (fd=23)
Apr 7 11:11:34 racoon: *[Self]*: INFO: 10.0.2.4[500] used as isakmp port (fd=22)
Apr 7 11:11:34 racoon: INFO: fe80::21c:23ff:fee1:f7d2%bge1[500] used as isakmp port (fd=21)
Apr 7 11:11:34 racoon: *[Self]*: INFO: 127.0.0.1[500] used as isakmp port (fd=20)
Apr 7 11:11:34 racoon: INFO: ::1[500] used as isakmp port (fd=19)
Apr 7 11:11:34 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=18)
Apr 7 11:11:34 racoon: *[Self]*: INFO: xxx.xxx.xxx.xx[500] used as isakmp port (fd=17)
Apr 7 11:11:34 racoon: INFO: fe80::215:17ff:fe51:4a16%tun0[500] used as isakmp port (fd=16)
Apr 7 11:11:34 racoon: *[Self]*: INFO: 192.168.66.1[500] used as isakmp port (fd=15)
Apr 7 11:11:34 racoon: *[Self]*: INFO: 10.0.2.6[500] used as isakmp port (fd=14)
Apr 7 11:11:34 racoon: INFO: fe80::215:17ff:fe51:4a16%lagg0[500] used as isakmp port (fd=13)
Apr 7 11:11:34 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Apr 7 11:11:34 racoon: INFO: @(#)ipsec-tools 0.6.7 (http://ipsec-tools.sourceforge.net)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]
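
The check suggested in the thread (make sure both ends match) can be done mechanically. This is an added example, not part of the original messages or of ipsec-tools: it flattens two racoon.conf texts and reports every negotiated parameter that differs. The peer config is constructed, and the function names parse and mismatches are hypothetical.

```python
import re

# Constructed sample. LOCAL is abridged from the racoon.conf in the thread;
# PEER is a hypothetical far end with a different DH group and no PFS.
LOCAL = """
remote 189.169.120.7 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 14400 secs;
    }
}
sainfo address 189.203.125.24/32 any address 189.169.114.1/32 any {
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    pfs_group 2;
    lifetime time 28800 secs;
}
"""
PEER = LOCAL.replace("dh_group 2;", "dh_group 5;").replace("pfs_group 2;", "")

def parse(conf):
    """Flatten a racoon.conf into {'remote.proposal.dh_group': '2', ...}."""
    # Keys use block keywords only (addresses are mirrored on the far end).
    conf = re.sub(r"#.*", "", conf)              # drop comments
    params, path = {}, []
    for stmt, delim in re.findall(r"([^{};]*)([{};])", conf):
        words = stmt.split()
        if delim == "{":
            path.append(words[0])                # remote / proposal / sainfo
        elif delim == "}":
            path.pop()
        elif words:                              # directive ended by ';'
            params[".".join(path + [words[0]])] = " ".join(words[1:])
    return params

def mismatches(local, peer):
    """Return {key: (local_value, peer_value)} for every differing directive."""
    a, b = parse(local), parse(peer)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (mine, theirs) in mismatches(LOCAL, PEER).items():
        print(f"{key}: local={mine!r} peer={theirs!r}")
```

The flattening assumes one remote and one sainfo block per file; with several tunnels the keys would need the block arguments as well.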