
Re: Racoon



Hi

On Mon, Sep 29, 2014 at 08:30:31PM +0300, Gokan Atmaca wrote:
> Hello
> 
> I want to make using racoon IPSEC connection. My configuration is as
> follows. B site RouterOS (Mikrotik) are available. A kind of
> connection can not be established.

What do you get in the logs?

For a "connection" (by which I assume you mean an established tunnel)
to be established, racoon needs to do the handshakes with the other
side - if these fail, there should be traces of it in the
logs.

Usually, there will be logging even if it is successful.  Racoon
should log via syslog, hence (depending on your syslog configuration)
/var/log/daemon.log would be the place to look.

> Note: IP addresses are shown as examples.
> 
> WAN sites: 1.1.1.1
> LAN sites: 2.2.2.2
> B's: 3.3.3.3
> B's: 4.4.4.4
> 
> 
> 
> - A site config;
> 
> pre_shared_key path "/etc/racoon/psk.txt";
> path certificate "/ etc / racoon / certs";

This looks like a bad copy/paste?? You have spaces in it? Really??

> remote 3.3.3.3 {
>         exchange_mo in the main;

This does not look like valid syntax. More bad copy/paste? Looks like
it was an attempt at "exchange_mode" ...

>         initial_contact one;
>         proposal_check obey;
>         proposal {
>                  encryption_algorithm 3DES;
>                  hash_algorithm md5;
>                  authentication_method pre_shared_key;
>                  dh_group modp1024;
>          }
> }

You may want to avoid 3DES...

> 
> 
> Sainfoin any address 2.2.2.2/24 4.4.4.4/24 address any {

"Sainfoin" .. hm...

Which version of racoon is this?

>          lifetime time 24 hour;
>          encryption_algorithm 3DES;
>          authentication_algorithm hmac_md5;
>          compression_algorithm deflate;
>          pfs_group modp1024;
> }

I'd recommend looking in the logs to start with, and getting rid of
the syntax errors in the config before going further...

Hope this helps
-- 
Karl E. Jorgensen
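For reference, below is what the posted configuration would look like once the copy/paste damage is removed, written as an added example rather than the original poster's actual file. It assumes the garbled lines were meant to be `path pre_shared_key`, `path certificate`, `exchange_mode main` and a `sainfo` selector of 2.2.2.2/24 on the A side and 4.4.4.4/24 on the B side; it also swaps 3DES/MD5/modp1024 for AES-256/SHA-256/modp2048, which the RouterOS side must be set to match, otherwise phase 1 or phase 2 will fail with a "no proposal chosen" style error in the logs.

```conf
# /etc/racoon/racoon.conf - reconstructed example, not the poster's config
# Assumed: A site LAN is 2.2.2.2/24, B site WAN is 3.3.3.3, B site LAN is 4.4.4.4/24

path pre_shared_key "/etc/racoon/psk.txt";   # no spaces inside the path
path certificate "/etc/racoon/certs";

# Phase 1 (IKE SA) towards the Mikrotik peer
remote 3.3.3.3 {
        exchange_mode main;                  # was "exchange_mo in the main"
        initial_contact on;                  # was "initial_contact one"
        proposal_check obey;
        proposal {
                encryption_algorithm aes 256; # instead of 3DES
                hash_algorithm sha256;        # instead of md5
                authentication_method pre_shared_key;
                dh_group modp2048;            # instead of modp1024
        }
}

# Phase 2 (IPsec SA) between the two LANs; "any" is the upper-layer protocol
sainfo address 2.2.2.2/24 any address 4.4.4.4/24 any {
        lifetime time 24 hour;
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha256; # instead of hmac_md5
        compression_algorithm deflate;
        pfs_group modp2048;
}
```

The matching `/etc/racoon/psk.txt` holds one line per peer, `3.3.3.3  <shared secret>`, and racoon refuses to load it unless it is readable only by root (`chmod 600`). To see the handshake failures Karl refers to without hunting through syslog, run the daemon in the foreground with debugging, `racoon -F -d -f /etc/racoon/racoon.conf`, and watch for the phase 1 and phase 2 negotiation messages as the Mikrotik side connects.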

