Re: Racoon et vpn mobile
On Sunday 30 January 2005 12:30, Laurent CARON wrote:
> Thierry Leurent a écrit :
> >Bonjour,
> >
> >J'essaye depuis plusieurs jours de configurer un client vpn mobile pour un
> >firewall watchguard.
> >
> >Pour ce faire j'utilise ipsec-tools et racoon. Lorsque je lance racoon,
> > j'ai deux messages d'erreur, l'un me parle de compression, l'autre
> > d'adresse IP. Je ne vois pas de solution....
>
> Bonjour,
>
> Peux tu nous montrer ton fichier de conf?
>
> Merci
Parfaitement, voilà :
/etc/ racoon.conf
#
# Simple racoon.conf
#
#
# Please look in /usr/share/doc/racoon/examples for
# the example that comes with the source.
#
# Please read racoon.conf(5) for details, and also
# read setkey(8).
#
# Also read the Linux IPSEC Howto up at
# http://www.ipsec-howto.org/t1.html
#
# File that holds the IKE pre-shared keys. racoon.conf(5) requires it to be
# owned by the user running racoon and not accessible by others (mode 0600).
path pre_shared_key "/etc/racoon/psk.txt";
# Certificate directory is disabled: this setup authenticates with a
# pre-shared key only (see authentication_method in the remote section).
#path certificate "/etc/racoon/certs";
# Phase 1 (IKE) settings used when talking to the gateway 194.68.64.104.
remote 194.68.64.104 {
# Both modes are listed: racoon initiates with the first one (main) and
# accepts either one as responder.
# NOTE(review): aggressive mode with a pre-shared key sends a PSK-derived hash
# in the clear, which allows offline guessing of the key. Keep it only if the
# peer cannot do main mode for this client, and then use a long random PSK.
exchange_mode main,aggressive;
# exchange_mode aggressive;
# Identity this host presents to the peer, sent as type USER_FQDN.
my_identifier user_fqdn "Clinf01";
# Single phase 1 proposal offered to the peer.
# NOTE(review): des (56-bit key) and dh_group 1 (768-bit MODP) are no longer
# considered adequate to protect the exchange. Raise both to the strongest
# values the gateway also supports; the two ends must be changed together.
proposal {
encryption_algorithm des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
# Do not derive SPD entries from the peer's phase 2 proposal; the policies
# are installed by hand with setkey.
generate_policy off;
}
# Phase 2 (IPsec SA) settings, applied only to negotiations whose selectors
# are 192.168.0.0/24 <-> 10.101.0.0/24. The catch-all "sainfo anonymous" is
# commented out, so any other selector pair has no sainfo in this file.
sainfo address 192.168.0.0/24 any address 10.101.0.0/24 any {
#sainfo anonymous {
# NOTE(review): PFS group 1 is 768-bit MODP and hmac_md5 is a legacy
# integrity algorithm; prefer a larger group and a SHA-based HMAC if the
# gateway offers them. Values must match the peer's phase 2 proposal.
pfs_group 1;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
# NOTE(review): the original post mentions a compression-related message
# from racoon; confirm whether the peer negotiates IPComp at all.
compression_algorithm deflate;
}
/etc/racoon/psk.txt
# Pre-shared key table: one "identifier key" pair per line.
# NOTE(review): this key has been posted to a public mailing list and must be
# treated as compromised. Replace it on both ends with a new, long, randomly
# generated value, and redact keys before sharing configuration.
# NOTE(review): the same key is reused for all three identifiers below.
# IPv4/v6 addresses
194.68.64.104 @MouaVPNuse53!
# USER_FQDN
# NOTE(review): "Clinf01" is this host's own my_identifier in racoon.conf.
# Presumably racoon looks keys up by the remote peer's address or identifier,
# so confirm this entry is actually needed.
Clinf01 @MouaVPNuse53!
# FQDN
VPN_USERS @MouaVPNuse53!
spdadd.sh
#!/usr/sbin/setkey -f
# Installs the IPsec security policies (SPD) for the tunnel between
# 192.168.10.3 and the gateway 194.68.64.104.

# Start from a clean state: drop all existing SAs, then all policies.
flush;
spdflush;

# Outbound: LAN 192.168.0.0/24 -> remote net 10.101.0.0/24 must go through
# the ESP tunnel. Matches the sainfo selectors in racoon.conf.
spdadd 192.168.0.0/24 10.101.0.0/24 any -P out ipsec
esp/tunnel/192.168.10.3-194.68.64.104/require;
# Outbound: host -> gateway itself.
# NOTE(review): the source here is 192.168.0.3, while the tunnel endpoint and
# the matching inbound rule use 192.168.10.3. One of them looks like a typo.
# The posted racoon.conf also has no sainfo for a host-to-gateway selector
# pair ("sainfo anonymous" is commented out), so confirm this rule is wanted.
spdadd 192.168.0.3 194.68.64.104 any -P out ipsec
esp/tunnel/192.168.10.3-194.68.64.104/require;
# Inbound: mirror of the first rule, remote net -> LAN.
spdadd 10.101.0.0/24 192.168.0.0/24 any -P in ipsec
esp/tunnel/194.68.64.104-192.168.10.3/require;
# Inbound: gateway itself -> 192.168.10.3.
spdadd 194.68.64.104 192.168.10.3 any -P in ipsec
esp/tunnel/194.68.64.104-192.168.10.3/require;