IPSEC VPN racoon
Stefan Valko
valko at kcorp.sk
Tue Jul 1 11:17:22 CEST 2008
Hi, I'm working on the following problem. I have an IPsec VPN server (racoon) that connects
22 branch offices LAN to LAN (FreeBSD - Vigor 2700); the Vigor runs the latest firmware, 2.7.3
from T-COM (since with the older ones the problem was that after dialing the VPN the
Vigor would hard reset). The problem I have is that sometimes the VPN between the BSD and a
Vigor drops, and some Vigors re-dial a VPN connection that is fine,
data flows through immediately and it's OK, but some create a VPN connection through which
nothing flows through the tunnel :( it only looks as though the VPN is established. Then the only thing
that helps is restarting racoon, after which the VPNs that had this so-called incomplete
tunnel connect completely without problems !!! Has anyone solved something similar? In
the racoon logs I didn't notice anything unusual, and on Google I found nothing
sensible :( It looks to me like a problem with the Vigors, but just to be sure I'm asking here whether
anyone could give me a nudge and help tune it somehow. It concerns about 3 - 4
Vigors out of 22. PS. Before this it worked fine on CISCO..... (I didn't want to change) even with
the old firmware
ipsec.conf
# setkey policy file: LAN_BSD/LAN_VIGOR are the private subnets,
# WAN_BSD/WAN_VIGOR the public tunnel endpoints.
flush;
spdflush;
# outbound: BSD LAN -> Vigor LAN must go through the ESP tunnel
spdadd LAN_BSD/24 LAN_VIGOR/24 any -P out ipsec esp/tunnel/WAN_BSD-WAN_VIGOR/require;
# inbound: Vigor LAN -> BSD LAN must arrive through the ESP tunnel
spdadd LAN_VIGOR/24 LAN_BSD/24 any -P in ipsec esp/tunnel/WAN_VIGOR-WAN_BSD/require;
racoon.conf
# Phase 1 (ISAKMP SA) settings for one Vigor peer
remote WAN_VIGOR
{
        #exchange_mode main,aggressive,base;
        exchange_mode main;
        my_identifier address WAN_BSD;
        peers_identifier address WAN_VIGOR;
        verify_identifier on;
        nonce_size 16;
        lifetime time 86400 sec ; # sec,min,hour
        proposal_check obey;
        # phase 1 proposal (for ISAKMP SA)
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
# Phase 2 (IPsec SA) settings for the LAN-to-LAN traffic selector
sainfo address LAN_BSD/24 any address LAN_VIGOR/24 any
{
        pfs_group 1;
        lifetime time 86400 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
Stefan Valko
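Added example (not part of Stefan's post, and not a racoon or Vigor tool): the "VPN looks up but nothing flows" symptom is usually visible in the kernel SA database before anyone restarts racoon, so a quick check is to dump it with `setkey -D` and look for peers whose SA set is lopsided: a direction with no SA, a direction with more than one SA (a stale SA still lying next to the one the peer just renegotiated), or an SA whose state is not `mature`. The script below does that with awk. It assumes the FreeBSD setkey(8) output layout (an unindented "SRC DST" header line followed by indented attribute lines, one of them carrying `state=`); the function name `suspect_peers`, the local address `192.0.2.1` and the sample dump are all constructed for this example.

```shell
#!/bin/sh
# Hypothetical diagnostic for a racoon/setkey gateway: classify the SAs in
# "setkey -D" output per peer and report the ones that look like a half tunnel.

LOCAL_WAN="192.0.2.1"   # constructed: the BSD gateway's own WAN address

# Constructed sample dump (documentation addresses, dummy SPIs and keys):
#   peer .10 is healthy (one SA each way, both mature)
#   peer .11 has two outbound SAs (one stale) next to one inbound SA
#   peer .12 has an inbound SA in state "dying" and no outbound SA at all
SAMPLE_SAD='192.0.2.1 198.51.100.10
    esp mode=tunnel spi=16909060(0x01020304) reqid=0(0x00000000)
    E: 3des-cbc  00000000 00000000 00000000 00000000 00000000 00000000
    A: hmac-sha1  00000000 00000000 00000000 00000000 00000000
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
198.51.100.10 192.0.2.1
    esp mode=tunnel spi=33752069(0x02030405) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
192.0.2.1 198.51.100.11
    esp mode=tunnel spi=50595078(0x03040506) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
192.0.2.1 198.51.100.11
    esp mode=tunnel spi=67438087(0x04050607) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
198.51.100.11 192.0.2.1
    esp mode=tunnel spi=84281096(0x05060708) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
198.51.100.12 192.0.2.1
    esp mode=tunnel spi=101124105(0x06070809) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=dying'

# suspect_peers LOCAL_ADDR  < setkey-D-output
# Prints "<peer> <reason...>" for every peer whose SA set looks wrong;
# prints nothing when every peer has exactly one mature SA per direction.
suspect_peers() {
  awk -v local="$1" '
    function add(r, s) { return (r == "") ? s : r " " s }
    # Header line "SRC DST": decide direction from which side is us.
    /^[0-9]/ {
      if ($1 == local) { peer = $2; dir = "out" } else { peer = $1; dir = "in" }
      peers[peer] = 1; n[peer, dir]++; next
    }
    # Attribute line with state=...: anything but "mature" is recorded.
    /state=/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^state=/ && $i != "state=mature") bad[peer] = add(bad[peer], $i)
    }
    END {
      for (p in peers) {
        r = ""
        if (!((p, "out") in n)) r = add(r, "no-outbound-SA")
        if (!((p, "in") in n))  r = add(r, "no-inbound-SA")
        if (n[p, "out"] > 1)    r = add(r, "duplicate-outbound-SA")
        if (n[p, "in"] > 1)     r = add(r, "duplicate-inbound-SA")
        if (p in bad)           r = add(r, "non-mature:" bad[p])
        if (r != "") print p, r
      }
    }
  ' | sort
}

# On the gateway itself this would be:  setkey -D | suspect_peers 192.0.2.1
printf '%s\n' "$SAMPLE_SAD" | suspect_peers "$LOCAL_WAN"
```

Peers that show up with a duplicate or missing direction are the ones where flushing the stale entries (`setkey -F`, or the racoon restart described in the post) brings the tunnel back; running the check from cron and logging its output gives a record of which Vigors misbehave and when, which is more useful than the racoon log alone.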