IPSEC Problems
Aaron Siegel
aj at siegel-tech.net
Fri Aug 27 17:19:59 PDT 2004
Hello,

I am stumped. I am trying to get a very simple IPSEC tunnel between my laptops and
gateway. I cannot seem to get the IKE to authenticate. I have had this
working with my other server, which has been moved to a new location. I
have a FreeBSD 4.10 Stable server and a 5.2.1 Release. I am aware of the
problems with 5.2.1. I am not sure what I am missing. Is there a problem with
4.10 Stable? Both my Windows XP machine and FreeBSD 5.2.1 are able to
create a link with my new server; both of these computers were working with
my old server.

I have been able to set up a link between this computer and my other
server. I have listed my configuration below.

Thank you,
Aaron
Laptop config
/etc/ipsec.conf
spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P out ipsec
esp/tunnel/192.168.245.12-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P in ipsec
esp/tunnel/192.168.245.1-192.168.245.12/require;
I have copied the racoon.conf.dist file to /usr/local/etc/racoon/racoon.conf. I
have changed the "life time" parameter to "1 hour".
/usr/local/etc/racoon/psk.txt
192.168.245.1 Secret Key
Kernel
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
Server
/etc/ipsec.conf
spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P in ipsec
esp/tunnel/192.168.245.12-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P out ipsec
esp/tunnel/192.168.245.1-192.168.245.12/require;
spdadd 192.168.245.15/32 0.0.0.0/0 any -P in ipsec
esp/tunnel/192.168.245.15-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.15/32 any -P in ipsec
esp/tunnel/192.168.245.1-192.168.245.15/require;
I have copied the racoon.conf.dist file to /usr/local/etc/racoon/racoon.conf.
I have changed the "life time" parameter to "1 hour".
/usr/local/etc/racoon/psk.txt
192.168.245.12 Secret Key
192.168.245.15 Secret Key
Kernel
options FAST_IPSEC
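
An added example, not part of the original message: a small consistency check for setkey-style spdadd entries like the ones quoted above, which verifies that every tunnel policy has a mirror entry in the opposite direction. The function names parse_spd and unpaired are hypothetical, and the sample input is constructed from the server /etc/ipsec.conf in the message.

```python
import re

# Constructed sample: the server /etc/ipsec.conf as quoted in the message above.
SERVER_CONF = """\
spdadd 192.168.245.12/32 0.0.0.0/0 tcp -P in ipsec
esp/tunnel/192.168.245.12-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.12/32 tcp -P out ipsec
esp/tunnel/192.168.245.1-192.168.245.12/require;
spdadd 192.168.245.15/32 0.0.0.0/0 any -P in ipsec
esp/tunnel/192.168.245.15-192.168.245.1/require;
spdadd 0.0.0.0/0 192.168.245.15/32 any -P in ipsec
esp/tunnel/192.168.245.1-192.168.245.15/require;
"""

SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([\d.]+)-([\d.]+)/(\w+)"
)
KEYS = ("src", "dst", "proto", "dir", "tun_src", "tun_dst", "level")

def parse_spd(text):
    """Return one dict per spdadd statement (statements end with ';')."""
    policies = []
    for stmt in text.split(";"):
        # Collapse the line break between selector and tunnel spec.
        m = SPD_RE.search(" ".join(stmt.split()))
        if m:
            policies.append(dict(zip(KEYS, m.groups())))
    return policies

def unpaired(policies):
    """Policies lacking a mirror: same protocol, swapped selectors and
    tunnel endpoints, opposite direction."""
    def ident(p):
        return (p["src"], p["dst"], p["proto"], p["dir"],
                p["tun_src"], p["tun_dst"])
    def mirror(p):
        flipped = "out" if p["dir"] == "in" else "in"
        return (p["dst"], p["src"], p["proto"], flipped,
                p["tun_dst"], p["tun_src"])
    have = {ident(p) for p in policies}
    return [p for p in policies if mirror(p) not in have]

if __name__ == "__main__":
    for p in unpaired(parse_spd(SERVER_CONF)):
        print("no mirror for: %(src)s -> %(dst)s %(proto)s -P %(dir)s" % p)
```

On the quoted server file this reports the two 192.168.245.15 entries, both of which are marked -P in; the 192.168.245.12 pair passes.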