Aidas,
Here is a configuration that fails with a stock 2.6.12 Debian kernel.
,----[ /etc/racoon/racoon.conf ]
| path pre_shared_key "/etc/racoon/psk.txt";
|
| remote 138.231.148.1
| {
|     exchange_mode main;
|     proposal {
|         encryption_algorithm 3des;
|         hash_algorithm sha1;
|         authentication_method pre_shared_key;
|         dh_group modp1024;
|     }
|     generate_policy off;
| }
|
| sainfo address 138.231.149.2 any address 0.0.0.0/0 any
| {
|     pfs_group modp1024;
|     encryption_algorithm rijndael, blowfish, 3des;
|     authentication_algorithm hmac_sha1, hmac_md5;
|     compression_algorithm deflate;
| }
`----
,----[ Setting policy ]
| #!/usr/sbin/setkey -f
|
| spdflush;
|
| spdadd 138.231.149.2[68] 0.0.0.0/0[67] any -P out ipsec
|     esp/tunnel/138.231.149.2-138.231.148.1/use;
| spdadd 0.0.0.0/0[67] 138.231.149.2[68] any -P in ipsec
|     esp/tunnel/138.231.148.1-138.231.149.2/use;
| spdadd 138.231.149.2 0.0.0.0/0 any -P out ipsec
|     esp/tunnel/138.231.149.2-138.231.148.1/require;
| spdadd 0.0.0.0/0 138.231.149.2 any -P in ipsec
|     esp/tunnel/138.231.148.1-138.231.149.2/require;
`----
--
BOFH excuse #334:
50% of the manual is in .pdf readme files