[CentOS] OT: Racoon with virtual ip (roadwarrior client)

Thu May 24 16:55:21 UTC 2007
carlopmart <carlopmart at gmail.com>

mike.redan at bell.ca wrote:
>>> carlopmart wrote:
>>>>  Can somebody explain how to configure the ipsec-tools package to
>>>> use a private virtual IP address, as OpenSWAN does, or point me to
>>>> a doc/howto about it?
>>>>
>>>>  I have seen this howto, but it doesn't work for me:
>>>>
>>>>  http://www.howtoforge.com/racoon_roadwarrior_vpn
> Thanks Michael, I have seen it before, but that document doesn't explain how to
> use a virtual IP to connect via IPsec ...
> 
> 
> 
> Would you be able to post your racoon configuration, maybe which version
> of ipsec-tools you are using, and maybe some error messages?
> 
> It can be pretty easy to make little mistakes which will make this not
> work. 
> 
> 
> Cheers,
> Mike
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

192.168.2.1 needs to be my virtual IP for connecting to the customer's internal network.
172.25.50.28 is my laptop's IP on my employer's network. I am using
CentOS 5 and ipsec-tools version 0.6.5-8.el5. I have tried to use the dummy driver
to assign 192.168.2.1 as a virtual IP locally, without luck.


My racoon.conf:

# Directory racoon searches for the certificate, private key and CA files
# referenced below (user.pem, user.key, custca.pem). The private key should
# be readable only by the account racoon runs as; nothing else needs it.
path certificate "/etc/racoon/certs";

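# Control socket used by racoonctl.
# Originally "root" "nobody" 0660: group-writable by 'nobody', so any process
# running under that account could drive racoonctl (flush/delete SAs, force
# renegotiation). Nothing shown in this configuration needs unprivileged
# access to the socket, so it is restricted to root.
# NOTE(review): if racoonctl is deliberately run as an unprivileged user,
# give it a dedicated group rather than reusing 'nobody'.
listen
{
     adminsock "/var/racoon/racoon.sock" "root" "root" 0600;
}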

# Phase 1 (IKE) settings for the customer gateway.
# NOTE(review): 1.1.1.1 looks like a redacted placeholder for the gateway's
# real address; confirm before copying this block anywhere.
remote 1.1.1.1
{
     # Main mode with certificate (rsasig) authentication; identities are
     # exchanged encrypted, unlike aggressive mode.
     exchange_mode main;
     certificate_type x509 "user.pem" "user.key";
     # Good: the peer certificate is validated against custca.pem and the
     # received ID payload must match peers_identifier. Do not turn either off
     # to "make it work" - that removes the authentication of the gateway.
     verify_cert on;
     # Our ID is the subject DN of user.pem; the peer must send an FQDN ID of
     # exactly "fwcust.domain.com". NOTE(review): if phase 1 fails with an
     # identifier mismatch, the gateway may be sending its DN instead - check
     # what it actually sends rather than disabling verify_identifier.
     my_identifier asn1dn;
     peers_identifier fqdn "fwcust.domain.com";
     ca_type x509 "custca.pem";
     verify_identifier on;
     # 'obey': when we are the responder, accept whatever lifetime the peer
     # proposes. Acceptable for a road-warrior client that normally initiates.
     proposal_check obey;
     nat_traversal on;
     # NOTE(review): nothing here requests a virtual address from the gateway
     # (no mode_cfg). If the gateway hands out the 192.168.2.1 address over
     # IKE mode-config, that is the missing piece - confirm with the gateway
     # operator which mechanism they expect. If the address is meant to be
     # configured locally (e.g. on the dummy interface), the SPD (setkey)
     # must also carry tunnel policies for it; neither is shown on this page.
     # NOTE(review): 3DES / SHA-1 / 1024-bit MODP (group 2) are weak by
     # current standards. AES and SHA-256 are already used for phase 2 below,
     # so this build supports them; prefer aes / sha256 and a larger DH group
     # here if the gateway accepts them (check its supported proposals and
     # this racoon version's hash_algorithm / dh_group support first).
     proposal {
         encryption_algorithm 3des;
         hash_algorithm sha1;
         authentication_method rsasig;
         dh_group 2;
     }
}

# Phase 2 (IPsec SA) parameters for traffic from the virtual address to the
# customer's /27; "any" matches every protocol and port. This only takes
# effect when a matching SPD entry exists (setkey), which is not shown here.
sainfo address 192.168.2.1/32 any address 172.17.47.0/27 any
{
     # PFS with 1024-bit MODP (group 2) - weak by current standards; raise it
     # together with the phase 1 dh_group if the gateway supports a larger one.
     pfs_group 2;
     lifetime time 12 hour;
     encryption_algorithm aes;
     authentication_algorithm hmac_sha256;
     # IPComp (deflate) is negotiated along with ESP; the gateway must agree.
     compression_algorithm deflate;
}

# Mirror of the previous block with the selectors reversed (customer /27 to
# the virtual address). Both directions carry identical proposals, as they
# should; keep them in sync when either one is changed.
sainfo address 172.17.47.0/27 any address 192.168.2.1/32 any
{
     pfs_group 2;
     lifetime time 12 hour;
     encryption_algorithm aes;
     authentication_algorithm hmac_sha256;
     compression_algorithm deflate;
}
# Phase 2 parameters for host-to-host traffic between the laptop's own address
# and the gateway. NOTE(review): presumably the IKE/tunnel endpoint pair -
# confirm this block is actually needed alongside the 192.168.2.1 tunnel
# selectors above; an unused sainfo is harmless but confuses debugging.
sainfo address 172.25.50.28/32 any address 1.1.1.1/32 any
{
     pfs_group 2;
     lifetime time 12 hour;
     encryption_algorithm aes;
     authentication_algorithm hmac_sha256;
     compression_algorithm deflate ;
}

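# Reverse-direction mirror of the 172.25.50.28 <-> 1.1.1.1 sainfo above.
# The original listed 3des here while the forward direction uses aes, so the
# two directions of the same host pair advertised different ciphers; the two
# blocks are now identical, matching how the 192.168.2.1 pair is written.
# NOTE(review): if the gateway genuinely only offers 3DES for this pair, the
# forward block should say so too - the directions must agree either way.
sainfo address 1.1.1.1/32 any address 172.25.50.28/32 any
{
     pfs_group 2;
     lifetime time 12 hour;
     encryption_algorithm aes;
     authentication_algorithm hmac_sha256;
     compression_algorithm deflate;
}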

-- 
CL Martinez
carlopmart {at} gmail {d0t} com