Hi all
I am currently having problems configuring a racoon VPN on a Linux server. From the VPN client machines I can communicate with the server and rdesktop into machines behind the VPN server, but from the server and other machines on the internal network I cannot communicate with the VPN client.
The configuration is as such
Internal network || Linux server / gateway with racoon installed || Internet || Home router || vpn clients
Config file and output have been sanitised; if there's anything else required I can get it.
Nick
Code:
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

listen {
    isakmp xxxx [500];
    isakmp_natt xxxx [4500];
}

mode_cfg {
    # starting address of the IP address pool
    network4 192.168.5.1;
    # maximum number of clients
    pool_size 20;
    # network mask
    netmask4 255.255.255.0;
    # authentication source - user database on the system
    auth_source system;
    # configuration source - from data given in this section
    conf_source local;
    # DNS and WINS server IP addresses
    dns4 192.168.1.1;
    wins4 192.168.1.1;
    # banner file - welcome message
    banner "/etc/racoon/motd";
    # network pushed to the client for tunnelling
    split_network include 192.168.1.0/24;
}

# applies to any peer not matched by a more specific remote block
remote anonymous {
    # my_identifier keyid tag "linetechphones";
    exchange_mode aggressive;
    lifetime time 120 hours;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    proposal_check obey;
    # responder installs SPD entries from the initiator's phase 2 proposal
    generate_policy on;
    ike_frag on;
    mode_cfg on;
    # script "/etc/racoon/phase1-up.sh" phase1_up;
    # script "/etc/racoon/phase1-down.sh" phase1_down;
    # nat_traversal force;
}

sainfo anonymous {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    lifetime time 120 hours;
}
Racoon output
Code:
2010-08-30 15:11:38: INFO: respond new phase 1 negotiation: xxxx[500]<=>202.180.112.189[500]
2010-08-30 15:11:38: INFO: begin Aggressive mode.
2010-08-30 15:11:38: INFO: received Vendor ID: DPD
2010-08-30 15:11:38: INFO: ISAKMP-SA established 203.97.202.182[500]-202.180.112.189[500] spi:2d220fd57d065a91:268dd164d7e58c20
2010-08-30 15:11:38: INFO: Using port 0
2010-08-30 15:11:38: WARNING: Ignored attribute 0
2010-08-30 15:11:38: WARNING: Ignored attribute 0
2010-08-30 15:11:39: INFO: respond new phase 2 negotiation: xxxx[500]<=>xxxx[500]
2010-08-30 15:11:39: INFO: no policy found, try to generate the policy : 192.168.5.1/32[0] 192.168.5.1/0[0] proto=any dir=in
2010-08-30 15:11:39: INFO: IPsec-SA established: ESP/Tunnel 202.180.112.189[0]->203.97.202.182[0] spi=117424514(0x6ffc182)
2010-08-30 15:11:39: INFO: IPsec-SA established: ESP/Tunnel 203.97.202.182[500]->xxxx[500] spi=653297997(0x26f0894d)
2010-08-30 15:11:39: ERROR: such policy does not already exist: "192.168.5.1/32[0] 192.168.5.1/0[0] proto=any dir=in"
2010-08-30 15:11:39: ERROR: such policy does not already exist: "192.168.5.1/32[0] 192.168.5.1/0[0] proto=any dir=fwd"
2010-08-30 15:11:39: ERROR: such policy does not already exist: "192.168.5.1/0[0] 192.168.5.1/32[0] proto=any dir=out"
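As an added example (not code from the post above or from the racoon / ipsec-tools project): a small Python linter that parses racoon's brace syntax and flags the settings a reviewer would query in the posted remote/sainfo blocks (aggressive mode with a pre-shared key, 3DES, MD5, DH group 2, five-day lifetimes, generate_policy on for anonymous peers), and shows the same two blocks hardened. The parser is hand-written for the subset of racoon.conf syntax the post uses, the config text is constructed from the post, and the hardened values assume a racoon build that accepts aes, sha256/hmac_sha256 and dh_group 14 (as ipsec-tools 0.8 does).

```python
"""Lint a racoon.conf fragment for weak IKE/IPsec settings.

Added example, not code from the original post or from ipsec-tools. The
parser (assumption) covers only the brace/semicolon subset used in the post.
"""
import re

# Constructed input: the posted remote/sainfo blocks, stray backtick removed.
POSTED_CONF = """
remote anonymous {
    exchange_mode aggressive;
    lifetime time 120 hours;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    proposal_check obey;
    generate_policy on;
    ike_frag on;
    mode_cfg on;
}
sainfo anonymous {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
    lifetime time 120 hours;
}
"""

# Same blocks, hardened (assumption: build supports aes/sha256/dh_group 14).
HARDENED_CONF = """
remote anonymous {
    exchange_mode main;
    lifetime time 8 hours;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method rsasig;
        dh_group 14;
    }
    generate_policy off;
    mode_cfg on;
}
sainfo anonymous {
    pfs_group 14;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    lifetime time 1 hour;
}
"""

_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')
_WEAK_CIPHERS = {"des", "3des"}                       # 64-bit block ciphers
_WEAK_HASHES = {"md5", "sha1", "hmac_md5", "hmac_sha1"}
_WEAK_GROUPS = {"1", "2", "5", "modp768", "modp1024", "modp1536"}  # <2048-bit


def parse(text):
    """Parse racoon's brace syntax into [(words, children)]; children is None
    for a plain statement and a nested list for a { ... } block."""
    tokens = _TOKEN.findall(re.sub(r"#[^\n]*", "", text))  # drop comments
    pos = 0

    def block():
        nonlocal pos
        items, cur = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                if cur:
                    items.append((tuple(cur), None))
                cur = []
            elif tok == "{":
                items.append((tuple(cur), block()))
                cur = []
            elif tok == "}":
                return items
            else:
                cur.append(tok)
        return items

    return block()


def settings(items):
    """Flatten a block to {keyword: values}, descending into proposal { }."""
    out = {}
    for words, children in items:
        if children is None and words:
            out[words[0]] = words[1:]
        elif children is not None:
            out.update(settings(children))
    return out


def _hours(value):
    """'time N unit' lifetime -> hours; None if absent or not time-based."""
    if len(value) != 3 or value[0] != "time":
        return None
    per_hour = {"sec": 3600.0, "min": 60.0, "hour": 1.0}
    return float(value[1]) / per_hour[value[2].rstrip("s")]


def lint(conf_text):
    """Return (severity, block, message) findings for remote/sainfo blocks."""
    findings = []
    for words, children in parse(conf_text):
        if children is None or words[0] not in ("remote", "sainfo"):
            continue
        block, s = " ".join(words), settings(children)
        if (s.get("exchange_mode") == ("aggressive",)
                and s.get("authentication_method") == ("pre_shared_key",)):
            findings.append(("high", block, "aggressive mode with pre_shared_key:"
                             " the responder's hash goes out in the clear, so the"
                             " PSK can be cracked offline; use main mode or certs"))
        for key, weak in (("encryption_algorithm", _WEAK_CIPHERS),
                          ("hash_algorithm", _WEAK_HASHES),
                          ("authentication_algorithm", _WEAK_HASHES),
                          ("dh_group", _WEAK_GROUPS), ("pfs_group", _WEAK_GROUPS)):
            for v in s.get(key, ()):
                if v.rstrip(",") in weak:
                    findings.append(("high", block, "%s %s is weak" % (key, v)))
        hours = _hours(s.get("lifetime", ()))
        if hours is not None and hours > 24:
            findings.append(("medium", block,
                             "lifetime of %g hours; rekey at least daily" % hours))
        if s.get("generate_policy") == ("on",) and words[-1] == "anonymous":
            findings.append(("info", block, "generate_policy on for anonymous peers:"
                             " any PSK holder can have SPD entries installed for the"
                             " selectors it proposes (racoon.conf(5) notes this risk)"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print("== %s: %d findings ==" % (label, len(lint(conf))))
        for sev, block, msg in lint(conf):
            print("%-6s %-16s %s" % (sev, block, msg))
```

Running it prints seven high findings for the posted blocks (four in phase 1, three in phase 2) plus the lifetime and generate_policy notes, and nothing for the hardened blocks. The lifetime and generate_policy checks are deliberately lower severity: both are legitimate choices for roaming clients, but a reviewer should see them stated.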