IPsec problem? - long
Josef Brzak
brzak at linux.fjfi.cvut.cz
Tue Nov 9 01:59:42 CET 2004
Hello,
I have one small question about IPsec:
I configured a tunnel between two networks following the guide
I found in the handbook. I used IPsec to secure it.
Everything works as it should, except that the following message
sometimes appears in my logs:
IPv4 ESP input: no key association found for spi 113014365
IPv4 ESP input: no key association found for spi 113014365
This message also sometimes appears after one of the routers is reset,
and it takes some time before the connection between the routers is established.
The routers in both networks run the same system, i.e. FreeBSD 4.10-RELEASE-p3.
Thank you very much in advance for any advice/help.
Pepa Brzak
btw: I am attaching the racoon configuration.
cat racoon.conf
path include "/usr/local/etc/racoon" ;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

listen
{
        isakmp verejna_ip_adresa [500];
}

timer
{
        # These values can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.

        # timer for waiting to complete each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote anonymous
{
        exchange_mode main,aggressive;
        doi ipsec_doi;
        situation identity_only;

        nonce_size 16;
        lifetime time 60 min;   # sec,min,hour
        initial_contact on;
        #support_mip6 on;
        support_proxy on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm blowfish;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 24 sec;
        encryption_algorithm blowfish ;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}
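
Added example (not part of the original post): a Python triage script for the kernel message quoted above. It counts dropped ESP packets per SPI, folding in syslog "last message repeated" lines, and checks each SPI against a `setkey -D` dump. The syslog prefixes, host name gw1, second SPI, addresses and dump text are constructed sample data, and the `spi=<dec>(0x<hex>)` line shape of the dump is an assumption.

```python
import re
from collections import Counter

# Message text as quoted in the post; everything around it is constructed.
MISS_RE = re.compile(r"IPv4 ESP input: no key association found for spi (\d+)")
REPEAT_RE = re.compile(r"last message repeated (\d+) times")
# Assumed shape of an SA header line in `setkey -D` output.
SAD_RE = re.compile(r"\bspi=(\d+)\(0x[0-9a-fA-F]+\)")

SAMPLE_LOG = """\
Nov  9 01:40:02 gw1 /kernel: IPv4 ESP input: no key association found for spi 113014365
Nov  9 01:40:03 gw1 /kernel: IPv4 ESP input: no key association found for spi 113014365
Nov  9 01:40:09 gw1 last message repeated 3 times
Nov  9 01:52:10 gw1 /kernel: IPv4 ESP input: no key association found for spi 20480001
"""
SAMPLE_SAD = """\
192.0.2.2 192.0.2.1
\tesp mode=tunnel spi=20480001(0x01388001) reqid=0(0x00000000)
192.0.2.1 192.0.2.2
\tesp mode=tunnel spi=99887766(0x05f42a96) reqid=0(0x00000000)
"""

def count_misses(log_text):
    """Counter {spi: dropped packets}, including syslog repeat lines."""
    counts, last_spi = Counter(), None
    for line in log_text.splitlines():
        miss = MISS_RE.search(line)
        repeat = REPEAT_RE.search(line)
        if miss:
            last_spi = int(miss.group(1))
            counts[last_spi] += 1
        elif repeat and last_spi is not None:
            counts[last_spi] += int(repeat.group(1))
        else:
            last_spi = None  # unrelated line: a later repeat is not ours
    return counts

def sad_spis(setkey_dump):
    """Set of SPIs present in the SAD dump."""
    return {int(s) for s in SAD_RE.findall(setkey_dump)}

def classify(log_text, setkey_dump):
    """Map spi -> (drops, state). 'not in SAD': the peer is sending on an SA
    this host does not hold. 'installed now': the SA exists at dump time, so
    the drops happened while it was absent."""
    installed = sad_spis(setkey_dump)
    return {spi: (n, "installed now" if spi in installed else "not in SAD")
            for spi, n in count_misses(log_text).items()}

if __name__ == "__main__":
    for spi, (n, state) in sorted(classify(SAMPLE_LOG, SAMPLE_SAD).items()):
        print(f"spi {spi} (0x{spi:08x}): {n} drops, {state}")
```
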