[CentOS] OT: Racoon with virtual ip (roadwarrior client)
carlopmart
carlopmart at gmail.com
Thu May 24 18:54:05 UTC 2007
mike.redan at bell.ca wrote:
> Could you also send along how you are starting up racoon, and any error
> messages you are getting on the command line, and in the log files?
> (make sure you are starting with verbose/debug at full so you can see
> exactly what is going on)
The logs don't report any errors on my laptop. The firewall side displays
errors saying that I am not using the 192.168.2.1 IP ---
>
> (some comments embedded)
>
>
>>> Would you be able to post your racoon configuration, maybe which version
>>> of ipsec-tools you are using, and maybe some error messages?
>>>
>>> It can be pretty easy to make little mistakes which will make this not
>>> work.
>>>
>>>
>>> Cheers,
>>> Mike
>> 192.168.2.1 needs to be my virtual ip to connect to internal customer network.
>> 172.25.50.28 it is my laptop's ip that I use on my job's network. I am using
>> CentOS 5 and ipsec-tools version 0.6.5-8.el5. I have tried to use dummy driver
>> to assign me 192.168.2.1 virtual ip without luck.
>>
>
> You can do something like:
> ifconfig eth0:0 add 192.168.2.1
Doesn't work ....
>
>
>
>> My racoon.conf:
>>
>> path certificate "/etc/racoon/certs";
>>
>> listen
>> {
>> adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660;
>> }
>>
>> remote 1.1.1.1
>> {
>> exchange_mode main;
>
> If you are set up as a 'road warrior' then you would want exchange_mode
> aggressive; not main.
With aggressive mode, phase 1 doesn't work ...
>
>> certificate_type x509 "user.pem" "user.key";
>> verify_cert on;
>> my_identifier asn1dn;
>> peers_identifier fqdn "fwcust.domain.com";
>> ca_type x509 "custca.pem";
>> verify_identifier on;
>> proposal_check obey;
>> nat_traversal on;
>> proposal {
>> encryption_algorithm 3des;
>> hash_algorithm sha1;
>> authentication_method rsasig;
>> dh_group 2;
>> }
>> }
>>
>> sainfo address 192.168.2.1/32 any address 172.17.47.0/27 any
>> {
>> pfs_group 2;
>> lifetime time 12 hour;
>> encryption_algorithm aes;
>> authentication_algorithm hmac_sha256;
>> compression_algorithm deflate;
>> }
>>
>> sainfo address 172.17.47.0/27 any address 192.168.2.1/32 any
>> {
>> pfs_group 2;
>> lifetime time 12 hour;
>> encryption_algorithm aes;
>> authentication_algorithm hmac_sha256;
>> compression_algorithm deflate;
>> }
>> sainfo address 172.25.50.28/32 any address 1.1.1.1/32 any
>> {
>> pfs_group 2;
>> lifetime time 12 hour;
>> encryption_algorithm aes;
>> authentication_algorithm hmac_sha256;
>> compression_algorithm deflate ;
>> }
>>
>> sainfo address 1.1.1.1/32 any address 172.25.50.28/32 any
>> {
>> pfs_group 2;
>> lifetime time 12 hour;
>> encryption_algorithm 3des;
>> authentication_algorithm hmac_sha256;
>> compression_algorithm deflate;
>> }
>>
>> --
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
CL Martinez
carlopmart {at} gmail {d0t} com
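
A consistency check for the sainfo sections quoted in this message, as an added example that is not part of the original post: it pairs each section with its mirror (source and destination swapped) and lists the directives that differ between the two directions, such as encryption_algorithm in the last pair. SAMPLE_CONF is constructed from the quoted configuration, and the function names are hypothetical.

```python
import re

def _block(src, dst, enc):
    # One sainfo section in the layout of the quoted racoon.conf.
    return (f"sainfo address {src} any address {dst} any\n{{\n"
            f"  pfs_group 2;\n  lifetime time 12 hour;\n"
            f"  encryption_algorithm {enc};\n"
            f"  authentication_algorithm hmac_sha256;\n"
            f"  compression_algorithm deflate;\n}}\n")

# Constructed sample: the four sainfo sections from the message above.
SAMPLE_CONF = (_block("192.168.2.1/32", "172.17.47.0/27", "aes")
               + _block("172.17.47.0/27", "192.168.2.1/32", "aes")
               + _block("172.25.50.28/32", "1.1.1.1/32", "aes")
               + _block("1.1.1.1/32", "172.25.50.28/32", "3des"))

SAINFO_RE = re.compile(
    r"sainfo\s+address\s+(\S+)\s+\S+\s+address\s+(\S+)\s+\S+\s*\{([^}]*)\}")

def parse_sainfo(conf):
    """Map (source, destination) -> {directive: value} per sainfo section."""
    sections = {}
    for src, dst, body in SAINFO_RE.findall(re.sub(r"#.*", "", conf)):
        params = {}
        for stmt in body.split(";"):
            words = stmt.split()
            if words:
                params[words[0]] = " ".join(words[1:])
        sections[(src, dst)] = params
    return sections

def mirror_mismatches(conf):
    """Return (src, dst, directive, value, mirror_value) for each directive
    that differs between a section and its mirror; a section without a
    mirror yields (src, dst, None, None, None)."""
    sections = parse_sainfo(conf)
    findings = []
    for (src, dst), params in sections.items():
        mirror = sections.get((dst, src))
        if mirror is None:
            findings.append((src, dst, None, None, None))
        elif (src, dst) <= (dst, src):  # report each pair once
            for key in sorted(set(params) | set(mirror)):
                if params.get(key) != mirror.get(key):
                    findings.append((src, dst, key, params.get(key), mirror.get(key)))
    return findings

if __name__ == "__main__":
    for finding in mirror_mismatches(SAMPLE_CONF):
        print(finding)
```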