[Openswan Users] openswan+netkey <-> racoon on linux
Peter Rosenthal
voiperster at gmail.com
Wed Jul 16 06:32:54 EDT 2008
Hi Paul,
The configuration is:
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous
{
    pfs_group 2;
    lifetime time 1 hour ;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}

remote A.A.A.A
{
    exchange_mode aggressive, main;
    my_identifier address;
    proposal {
        encryption_algorithm rijndael;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2 ;
    }
}

config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes

conn ord-lan
    authby=secret
    keylife=3600s
    left=A.A.A.A
    leftsubnet=172.16.0.0/24
    leftnexthop=C.C.C.C
    leftsourceip=172.16.0.254
    right=B.B.B.B
    rightsubnet=192.168.40.0/24
    rightnexthop=D.D.D.D
    rightsourceip=192.168.40.2
    auto=start

I will do some research on ikev2 with racoon.
2008/7/16 Paul Wouters <paul at xelerance.com>:
> On Wed, 16 Jul 2008, Peter Rosenthal wrote:
>
>> With the release of openswan-2.6.14 on RHEL5 I have converted a couple of
>> my boxes to use it instead of racoon.
>>
>> Unfortunately I have had zero luck in getting openswan to connect a
>> tunnel to racoon on a RHEL4 box. Openswan receives notification that no
>> proposal was accepted while racoon says:
>>
>
> Give us your openswan / racoon configs or check the racoon interop
> configs in testing/x509/*interop* (but we only tested ikev2 with racoon).
>
> Paul
>