I solved my CentOS 6 issues. I did a standard build of the 2.2.1 Client for Linux.

My biggest problem was trying to use a path name in the ikec command. The -r option wants the name of a config file in $HOME/.ike/sites, not a path name.

I did have to change the packet filtering.

Temp solution:

    echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
    echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

Perm Solution: Add the following to /etc/sysctl.conf as described in https://access.redhat.com/site/solutions/53031

    net.ipv4.conf.default.rp_filter = 2

Sanitized VPN Config:

    n:version:2
    s:network-host: FIREWALL_IP_ADDRESS
    n:network-ike-port:500
    s:client-auto-mode:push
    n:network-mtu-size:1380
    s:client-iface:virtual
    n:client-addr-auto:1
    s:network-natt-mode:enable
    n:network-natt-port:4500
    n:network-natt-rate:15
    s:network-frag-mode:enable
    n:network-frag-size:540
    n:network-dpd-enable:0
    n:client-banner-enable:0
    n:network-notify-enable:0
    n:client-wins-used:1
    n:client-wins-auto:1
    n:client-dns-used:1
    n:client-dns-auto:1
    n:client-splitdns-used:1
    n:client-splitdns-auto:1
    s:auth-method:mutual-psk-xauth
    s:ident-client-type:ufqdn
    s:ident-server-type:any
    s:ident-client-data:[email protected]
    b:auth-mutual-psk:PSK_VALUE
    s:phase1-exchange:aggressive
    n:phase1-dhgroup:2
    s:phase1-cipher:3des
    s:phase1-hash:sha1
    n:phase1-life-secs:28800
    n:phase1-life-kbytes:0
    n:vendor-chkpt-enable:0
    s:phase2-transform:esp-3des
    s:phase2-hmac:sha1
    s:ipcomp-transform:disabled
    n:phase2-pfsgroup:2
    n:phase2-life-secs:3600
    n:phase2-life-kbytes:0
    s:policy-level:auto
    n:policy-nailed:0
    n:policy-list-auto:0
    s:policy-list-include:BEHIND_THE_FIREWALL_NETWORK/ 255.255.255.0
_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
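An added example, not part of the original post and not Shrew Soft's own code: a small Python audit of the type:key:value site-config lines posted above that flags the legacy IKE parameters they contain. The sample config is constructed (192.0.2.10 is a documentation address); the function names and the reading of "n:" as a numeric value are assumptions.

```python
# Added example: audit Shrew Soft site-config lines ("type:key:value", as in
# the post) for legacy IKE settings. SAMPLE is constructed, not a real site.
SAMPLE = """\
n:version:2
s:network-host:192.0.2.10
s:auth-method:mutual-psk-xauth
s:phase1-exchange:aggressive
n:phase1-dhgroup:2
s:phase1-cipher:3des
s:phase1-hash:sha1
s:phase2-transform:esp-3des
n:phase2-pfsgroup:2
"""

def parse_site(text):
    """Return {key: value}. Assumption: 'n:' marks a numeric value."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3:
            continue                       # blank or malformed line
        kind, key, value = parts[0], parts[1], parts[2].strip()
        if kind == "n" and value.lstrip("-").isdigit():
            value = int(value)
        conf[key] = value
    return conf

def audit(conf):
    """Return [(key, reason)] for settings a reviewer should question."""
    findings = []
    if (conf.get("phase1-exchange") == "aggressive"
            and "psk" in str(conf.get("auth-method", ""))):
        findings.append(("phase1-exchange",
                         "aggressive mode with a PSK exposes a PSK-derived "
                         "hash to offline guessing; use main mode or certificates"))
    for key in ("phase1-cipher", "phase2-transform"):
        if "3des" in str(conf.get(key, "")):
            findings.append((key, "3DES is a legacy 64-bit block cipher; prefer AES"))
    for key in ("phase1-dhgroup", "phase2-pfsgroup"):
        if conf.get(key) in (1, 2):
            findings.append((key, "MODP group of 1024 bits or less; "
                                  "prefer a larger group if the gateway allows"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_site(SAMPLE)):
        print(f"{key}: {reason}")
```

Each finding names the config key to raise with whoever administers the gateway, since the client can only use proposals the gateway also accepts.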
