[LUGOS] m0n0wall and openvpn

Klemen Humerca klemen at humerca.com
Sun Nov 4 19:04:59 CET 2007


Just this morning I came across OpenSwan and set about connecting it to
M0n0wall. Something is getting stuck, because whenever I start the connection I always get this:

117 "atl" #1591: STATE_QUICK_I1: initiate
010 "atl" #1591: STATE_QUICK_I1: retransmission; will wait 20s for response

In the log on the m0n0wall I get this:

# racoon: INFO: respond new phase 2 negotiation: 
193.77.126.xxx[0]<=>84.255.243.xxx[0]
# racoon: ERROR: failed to get sainfo.
# racoon: ERROR: failed to get sainfo.
# racoon: ERROR: failed to pre-process packet.

And in /var/log/secure this:

Nov  4 18:57:12 maja pluto[3091]: "atl" #1639: starting keying attempt 
158 of an unlimited number
Nov  4 18:57:12 maja pluto[3091]: "atl" #1650: initiating Quick Mode 
PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1639 {using isakmp#1560}
Nov  4 18:57:15 maja pluto[3091]: "atl" #1640: max number of 
retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to 
our first Quick Mode message: perhaps peer likes no proposal

My ipsec.conf looks like this:

# basic configuration
config setup

include /etc/ipsec.d/*.conf

conn atl
        auth=esp
        authby=secret
        auto=start
        esp=3des-md5-1024
        pfs=yes
        ike=3des-md5-1024
        ikelifetime=3600s
        keylife=3600s
        left=84.255.243.xxx
        leftid=84.255.243.xxx
        leftsubnet=192.168.1.0/24
        right=193.77.126.xxx
        rightid=193.77.126.xxx
        rightsubnet=192.168.0.0/24
        type=tunnel

Is it something to do with racoon?

Thanks.

-- 



Klemen Humerca
 
-----e-mail&web---------
 klemen at humerca.com
 forum.humerca.com
------------------------



Jernej Simončič wrote:
> On Sunday, November 4, 2007, 13:12:05, Uroš Golja wrote:
>
>   
>> The good news is that on Fedora you can probably install the racoon and
>> ipsec-tools packages (or something similar, you only need the setkey tool) and with that
>> drill a tunnel to the remote m0n0wall. You will probably have more trouble on
>> the Fedora side; on it you roughly have to do the following:
>>     
>
> I have an IPsec tunnel set up between pfSense (a derivative of m0n0wall,
> http://www.pfsense.org/) and Debian, where on Debian I use kernel
> 2.6.18 and Openswan <http://www.openswan.org/>. pfSense also has
> support for OpenVPN, but I have not used it.
>
>   


