IPSec
Dušátko Jan
jan at dusatko.org
Wed Sep 22 15:24:32 CEST 2010
Hello,
I have a problem with the IPSec configuration on FreeBSD 8.1/amd64.
Currently, in debug mode, after some time it keeps returning the same information:
ERROR: no policy found: 0.0.0.0/0[0] 0.0.0.0/0[0] proto=any dir=in
ERROR: failed to get proposal for responder.
ERROR: failed to pre-process packet.
Does anyone have any idea?
Honza
In the configuration script I have the following:
racoon.conf:
------------
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate "/usr/local/etc/racoon/cert" ;
path script "/usr/local/etc/racoon" ;
log debug2;
padding
{
    maximum_length 20;
    randomize off;
    strict_check off;
    exclusive_tail off;
}
timer
{
    counter 5;
    interval 20 sec;
    persend 1;
    natt_keepalive 15 sec;
    phase1 28800 sec;
    phase2 1800 sec;
}
listen
{
    adminsock "/var/run/racoon.sock";
}
remote e.f.g.h [500]
{
    exchange_mode main,aggressive;
    nonce_size 16;
    initial_contact on;
    doi ipsec_doi;
    situation identity_only;
    my_identifier address a.b.c.d;
    peers_identifier address e.f.g.h;
    passive off;
    verify_identifier off;
    proposal_check obey;
    generate_policy off;
    ike_frag on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo (address x.y.z.w/24 any address x.y.z.w/24 any)
{
    # pfs_group 1;
    encryption_algorithm aes ;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
setkey.conf:
------------
#!/sbin/setkey -f
flush;
spdflush;
# To the home network
spdadd x.y.z.w/24 x.y.z.w/24 any -P out ipsec
    esp/tunnel/a.b.c.d-e.f.g.h/use;
spdadd x.y.z.w/24 x.y.z.w/24 any -P in ipsec esp/tunnel/e.f.g.h-a.b.c.d/use;