<div dir="ltr">Hi Paul,<br><br>The configuration is:<br><br># Racoon IKE daemon configuration file.<br># See 'man racoon.conf' for a description of the format and entries.<br><br>path include "/etc/racoon";<br>
path pre_shared_key "/etc/racoon/psk.txt";<br>path certificate "/etc/racoon/certs";<br><br>sainfo anonymous<br>{<br> pfs_group 2;<br> lifetime time 1 hour ;<br> encryption_algorithm 3des, blowfish 448, rijndael ;<br>
authentication_algorithm hmac_sha1, hmac_md5 ;<br> compression_algorithm deflate ;<br>}<br><br>remote A.A.A.A<br>{<br> exchange_mode aggressive, main;<br> my_identifier address;<br> proposal {<br>
encryption_algorithm rijndael;<br> hash_algorithm sha1;<br> authentication_method pre_shared_key;<br> dh_group 2 ;<br> }<br>}<br><br><br><br><br>config setup<br>
# Debug-logging controls: "none" for (almost) none, "all" for lots.<br> # klipsdebug=none<br> # plutodebug="control parsing"<br> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
protostack=netkey<br> nat_traversal=yes<br><br>conn ord-lan<br> authby=secret<br> keylife=3600s<br> left=A.A.A.A<br> leftsubnet=172.16.0.0/24<br> leftnexthop=C.C.C.C<br>
leftsourceip=172.16.0.254<br> right=B.B.B.B<br> rightsubnet=192.168.40.0/24<br> rightnexthop=D.D.D.D<br> rightsourceip=192.168.40.2<br>
auto=start<br><br>I will do some research on ikev2 with racoon.<br><br><div class="gmail_quote">2008/7/16 Paul Wouters &lt;<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>&gt;:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Wed, 16 Jul 2008, Peter Rosenthal wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
With the release of openswan-2.6.14 on RHEL5 I have converted a couple of<br>
my boxes to use it instead of racoon.<br>
<br>
Unfortunately I have had zero luck in getting openswan to connect a<br>
tunnel to racoon on a RHEL4 box. Openswan receives notification that no<br>
proposal was accepted while racoon says:<br>
</blockquote>
<br></div>
Give us your openswan / racoon configs or check the racoon interop<br>
configs in testing/x509/*interop* (but we only tested ikev2 with racoon)<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br></div>