Hi!

My goal is for roadwarrior clients to be able to connect to a VPN server 
over IPsec. For now these are Windows machines, but later other OSes too 
(SOHO ZyXEL routers).
I have been trying based on this: http://www.howtoforge.com/racoon_roadwarrior_vpn

Unfortunately I don't have a Linux client, so I can't test with that.

The downloadable Windows client is a bit different by now, but I tried to 
configure it similarly to what is shown there, and it doesn't work.

On the Linux side this is what is in the log; it is not very talkative:

Sep 17 20:17:57 vpn racoon: INFO: respond new phase 1 negotiation: x.x.x.x[500]<=>y.y.y.y[62635]
Sep 17 20:17:57 vpn racoon: INFO: begin Aggressive mode.
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: RFC 3947
Sep 17 20:17:57 vpn racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: DPD
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: CISCO-UNITY
Sep 17 20:18:32 vpn racoon: ERROR: phase1 negotiation failed due to time up. bbda92525c4d15fd:fe1eedf5ad2bd98b
Sep 17 20:18:57 vpn racoon: ERROR: phase1 negotiation failed due to time up. 340af47a86205990:3388ceda4d3a1923



What am I messing up, or what should I do? Has anyone done this more successfully?
Or, if not with this, then with Openswan?

Ubuntu 8.04

Thanks,

tompos



racoon.conf:

path certificate "/etc/openvpn/keys";
listen {
        adminsock disabled;
}
remote anonymous {
        exchange_mode aggressive,main;
        certificate_type x509 "server.crt" "server.key";
        #claiming the options requested by other peer
        proposal_check claim;
        generate_policy on;
        verify_cert off;
        nat_traversal off;
        dpd_delay 20;
        ike_frag on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm md5;
                authentication_method hybrid_rsa_server;
                dh_group 2;
        }
}
mode_cfg {
        network4 172.16.0.10;
        pool_size 20;
        netmask4 255.255.255.0;
        auth_source system;
        conf_source local;
        dns4 172.16.0.1;
        wins4 172.16.0.1;
        banner "/etc/racoon/motd";
}
sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

_________________________________________________
linux lista      -      linux@mlf.linux.rulez.org
http://mlf2.linux.rulez.org/mailman/listinfo/linux
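
An added example, not part of the original post: a small Python summarizer for racoon responder log lines like the ones quoted above, grouping each phase 1 attempt and reporting the peer's source port, the exchange mode, whether the peer offered NAT-T vendor IDs, and any time-out that follows within a window. The sample log, its addresses and its cookie are constructed, the field names are hypothetical, and it assumes every syslog entry sits on one line.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log in the post; addresses and cookie are made up.
SAMPLE_LOG = """\
Sep 17 20:17:57 vpn racoon: INFO: respond new phase 1 negotiation: 192.0.2.1[500]<=>198.51.100.7[62635]
Sep 17 20:17:57 vpn racoon: INFO: begin Aggressive mode.
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sep 17 20:17:57 vpn racoon: INFO: received Vendor ID: DPD
Sep 17 20:18:32 vpn racoon: ERROR: phase1 negotiation failed due to time up. 0011223344556677:8899aabbccddeeff
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ racoon: (\w+): (.*)$")
START = re.compile(r"respond new phase 1 negotiation: \S+\[\d+\]<=>(\S+)\[(\d+)\]")
TIMEOUT = re.compile(r"phase1 negotiation failed due to time up\. *(\S+)")


def summarize(log_text, window=timedelta(seconds=90)):
    """Group racoon lines per responder-side phase 1 attempt (hypothetical helper)."""
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year; a fixed one is enough for time differences
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(3)
        if (s := START.search(msg)):
            sessions.append({"start": ts, "peer": s.group(1),
                             "peer_port": int(s.group(2)), "mode": None,
                             "vendor_ids": [], "timeouts": []})
            continue
        if not sessions:
            continue
        cur = sessions[-1]
        if msg.startswith("begin "):
            cur["mode"] = msg[len("begin "):].rstrip(".").replace(" mode", "")
        elif msg.startswith("received Vendor ID: "):
            cur["vendor_ids"].append(msg.split(": ", 1)[1])
        elif (t := TIMEOUT.search(msg)) and ts - cur["start"] <= window:
            # the time-out line names only the cookie pair, so match it by time
            cur["timeouts"].append((t.group(1), int((ts - cur["start"]).total_seconds())))
    for s in sessions:
        s["natt_offered"] = any("nat-t" in v or v == "RFC 3947" for v in s["vendor_ids"])
        s["peer_port_not_500"] = s["peer_port"] != 500  # typically a NAT on the path
    return sessions

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A result with `natt_offered` and `peer_port_not_500` both true is worth comparing against the `nat_traversal` setting in racoon.conf.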