
#1 2009-02-06 23:06:06

aport
Member
From: San Diego
Registered: 2008-02-20
Posts: 99

Racoon IPsec help

I've got two boxes (gateways) that I would like to link together with a simple IPsec tunnel. Not an abnormal request.

I'm using the netkey setup with ipsec-tools (racoon).

A quick diagram:

----------------------------
Left side
----------------------------
WAN IP: 3.3.3.3
LAN IP: 192.168.1.1 (192.168.1.0/24)

----------------------------
Right side
----------------------------
WAN IP: 4.4.4.4
LAN IP: 192.168.2.1 (192.168.2.0/24)

My racoon.conf is as such (for the left side):

path pre_shared_key "/etc/racoon/psk.txt";

listen
{
    isakmp 3.3.3.3;
}

remote 4.4.4.4
{
    exchange_mode main;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

sainfo anonymous
{
    pfs_group 2;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

And my setkey.conf:

flush;
spdflush;

spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/3.3.3.3-4.4.4.4/require;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/4.4.4.4-3.3.3.3/require;

When I start racoon on each gateway and try to ping the other box, racoon starts going, but I get the errors:

IPsec-SA request for 4.4.4.4 queued due to no phase1 found.
2009-02-06 23:04:04: DEBUG2: CHKPH1THERE: extract_port.
2009-02-06 23:04:04: DEBUG2: CHKPH1THERE: found a ph1 wop.
2009-02-06 23:04:04: DEBUG2: CHKPH1THERE: no established ph1 handler found

And nothing ever happens. I'm figuring that I'm missing something really basic here. Any help is GREATLY appreciated!

Last edited by aport (2009-02-06 23:07:48)
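Added example (not part of the post, and not ipsec-tools code): a small linter for the two config files above. It checks the things that most often stop a racoon/setkey tunnel before any packet is sent: every racoon.conf statement must end with `;` and use a directive name racoon actually knows (`encryption_algorithm`, not `encryption algorithm`), every setkey statement must be `;`-terminated (a missing `;` after `spdflush` makes setkey swallow the next `spdadd`), and every tunnel policy needs a mirror-image policy in the other direction, otherwise only one direction of the LAN-to-LAN traffic is protected. The directive and block-keyword sets are an assumed subset of racoon.conf(5), just enough for the configs in this thread; the sample inputs are constructed copies of the posted files.

```python
"""Static checks for racoon.conf and setkey.conf (constructed example, not ipsec-tools code)."""
import re

# Assumption: subset of racoon.conf(5) statements used in this thread.
KNOWN_DIRECTIVES = {
    "path", "isakmp", "include", "log", "exchange_mode", "encryption_algorithm",
    "hash_algorithm", "authentication_method", "dh_group", "pfs_group",
    "authentication_algorithm", "compression_algorithm", "lifetime",
    "my_identifier", "peers_identifier", "proposal_check",
}
# Keywords that open a { ... } block instead of ending with ';'.
BLOCK_HEADS = {"listen", "remote", "sainfo", "proposal", "timer", "padding", "mode_cfg"}

# spdadd <src> <dst> <upperspec> -P <dir> ipsec esp/tunnel/<tsrc>-<tdst>/<level>
SPD_RE = re.compile(r"spdadd (\S+) (\S+) (\S+) -P (in|out) ipsec esp/tunnel/(\S+)-(\S+)/(\w+)")


def check_racoon_conf(text):
    """Return a list of problems found in a racoon.conf body (empty list = clean)."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if not line or "{" in line or "}" in line:
            continue                                  # blank line or block delimiter
        tokens = line.rstrip(";").split()
        if tokens[0] in BLOCK_HEADS:
            continue                                  # "remote 4.4.4.4", "listen", ...
        if not line.endswith(";"):
            problems.append(f"line {lineno}: missing ';' after '{line}'")
        if tokens[0] in KNOWN_DIRECTIVES:
            continue
        if len(tokens) >= 2 and f"{tokens[0]}_{tokens[1]}" in KNOWN_DIRECTIVES:
            problems.append(f"line {lineno}: '{tokens[0]} {tokens[1]}' should be "
                            f"'{tokens[0]}_{tokens[1]}'")
        else:
            problems.append(f"line {lineno}: unknown directive '{tokens[0]}'")
    return problems


def check_setkey_conf(text):
    """Return a list of problems found in a setkey.conf body (empty list = clean)."""
    problems, policies = [], []
    body = "\n".join(l.split("#", 1)[0] for l in text.splitlines())
    statements = [s.strip() for s in body.split(";")]  # setkey statements end with ';'
    if statements[-1]:
        problems.append(f"unterminated statement: '{statements[-1]}'")
    for stmt in statements[:-1]:
        tokens = stmt.split()
        if not tokens:
            continue
        if tokens[0] in ("flush", "spdflush", "dump", "spddump") and len(tokens) > 1:
            # "spdflush" without ';' swallows the following spdadd line.
            problems.append(f"'{tokens[0]}' takes no arguments; missing ';' before '{tokens[1]}'?")
            continue
        m = SPD_RE.fullmatch(" ".join(tokens))
        if tokens[0] == "spdadd" and not m:
            problems.append(f"cannot parse policy: '{stmt}'")
        elif m:
            policies.append(m.groups())
    # Every out policy needs the in policy with subnets and tunnel ends swapped, and vice versa.
    seen = {(src, dst, d, tsrc, tdst) for src, dst, _, d, tsrc, tdst, _ in policies}
    for src, dst, d, tsrc, tdst in sorted(seen):
        mirror = (dst, src, "in" if d == "out" else "out", tdst, tsrc)
        if mirror not in seen:
            problems.append(f"no {mirror[2]} policy mirroring {d} {src}->{dst} "
                            f"(tunnel {tsrc}-{tdst})")
    return problems


# Constructed copies of the configs as posted, and the same files with the syntax fixed.
RACOON_AS_POSTED = """\
path pre_shared_key "/etc/racoon/psk.txt"
listen
{
isakmp 3.3.3.3
}
remote 4.4.4.4
{
exchange_mode main;
proposal {
encryption algorithm aes;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
"""
RACOON_FIXED = (RACOON_AS_POSTED.replace('psk.txt"\n', 'psk.txt";\n')
                .replace("3.3.3.3\n", "3.3.3.3;\n")
                .replace("encryption algorithm", "encryption_algorithm"))
SETKEY_AS_POSTED = """\
flush;
spdflush

spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/3.3.3.3-4.4.4.4/require;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/4.4.4.4-3.3.3.3/require;
"""
SETKEY_FIXED = SETKEY_AS_POSTED.replace("spdflush\n", "spdflush;\n")

if __name__ == "__main__":
    for name, probs in (("racoon.conf", check_racoon_conf(RACOON_AS_POSTED)),
                        ("setkey.conf", check_setkey_conf(SETKEY_AS_POSTED))):
        print(name, "->", probs or "clean")
```

Run it as is and it reports the posted racoon.conf for the two missing semicolons and the `encryption algorithm` line, and the posted setkey.conf for the unterminated `spdflush` plus the resulting one-sided policy; the fixed copies come back clean. The mirror check is the one worth keeping around: `setkey -DP` will happily show a single-direction policy, and that is an easy way to end up with cleartext replies.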

