I've got two boxes (gateways) that I would like to link together with a simple IPsec tunnel. Not an abnormal request.
I'm using the netkey setup with ipsec-tools (racoon).
A quick diagram:

----------------------------
Left side
----------------------------
WAN IP: 3.3.3.3
LAN IP: 192.168.1.1 (192.168.1.0/24)

----------------------------
Right side
----------------------------
WAN IP: 4.4.4.4
LAN IP: 192.168.2.1 (192.168.2.0/24)
My racoon.conf is as such (for the left side):

# Pre-shared key file: one "peer-address secret" line per peer
path pre_shared_key "/etc/racoon/psk.txt";

# Phase 1 (ISAKMP) listens on the local WAN address
listen
{
    isakmp 3.3.3.3;
}

# Phase 1 parameters for the peer gateway
remote 4.4.4.4
{
    exchange_mode main;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) parameters, applied to any selector
sainfo anonymous
{
    pfs_group 2;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
And my setkey.conf:

flush;
spdflush;
# Outbound: LAN-to-LAN traffic must use the ESP tunnel 3.3.3.3 -> 4.4.4.4
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/3.3.3.3-4.4.4.4/require;
# Inbound: the mirror policy for traffic arriving from 4.4.4.4
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/4.4.4.4-3.3.3.3/require;
When I start racoon on each gateway and try to ping the other box, racoon starts going, but I get the errors:
IPsec-SA request for 4.4.4.4 queued due to no phase1 found.
2009-02-06 23:04:04: DEBUG2: CHKPH1THERE: extract_port.
2009-02-06 23:04:04: DEBUG2: CHKPH1THERE: found a ph1 wop.
2009-02-06 23:04:04: DEBUG2: CHKPH1THERE: no established ph1 handler found
And nothing ever happens. I'm figuring that I'm missing something really basic here. Any help is GREATLY appreciated!
Last edited by aport (2009-02-06 23:07:48)
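Added example, not code from the original post and not part of ipsec-tools: a small POSIX shell script that generates the mirrored pair of racoon.conf, setkey.conf and psk.txt for both gateways from the addresses in the post, so that the right-side files are exactly the left-side files with the roles swapped (local/remote WAN, local/remote LAN, and the psk.txt line keyed by the peer's address). One thing worth checking when racoon reports that no phase 1 is found is that the two sides really are mirror images and share the same secret; generating both from one function makes that check mechanical. The secret value, the IPSEC_SECRET environment variable and the output directory are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post or from ipsec-tools.
# Generates mirrored racoon.conf / setkey.conf / psk.txt for two gateways.
# Addresses come from the post; the secret and output paths are assumptions.

# gen_racoon_conf LOCAL_WAN REMOTE_WAN PSK_PATH : phase 1 + phase 2 settings
gen_racoon_conf() {
    cat <<EOF
path pre_shared_key "$3";
listen
{
    isakmp $1;
}
remote $2
{
    exchange_mode main;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous
{
    pfs_group 2;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
EOF
}

# gen_setkey_conf LOCAL_LAN REMOTE_LAN LOCAL_WAN REMOTE_WAN : SPD for one side
gen_setkey_conf() {
    cat <<EOF
flush;
spdflush;
spdadd $1 $2 any -P out ipsec esp/tunnel/$3-$4/require;
spdadd $2 $1 any -P in ipsec esp/tunnel/$4-$3/require;
EOF
}

# gen_psk REMOTE_WAN SECRET : the psk.txt line, keyed by the peer's address
gen_psk() {
    printf '%s %s\n' "$1" "$2"
}

# write_site DIR LOCAL_WAN LOCAL_LAN REMOTE_WAN REMOTE_LAN SECRET
write_site() {
    mkdir -p "$1"
    gen_racoon_conf "$2" "$4" "$1/psk.txt" > "$1/racoon.conf"
    gen_setkey_conf "$3" "$5" "$2" "$4"   > "$1/setkey.conf"
    gen_psk "$4" "$6"                     > "$1/psk.txt"
    chmod 600 "$1/psk.txt"   # racoon rejects a PSK file that others can read
}

# Both sides share one secret; each side's files are the other's with roles swapped.
# Run as:  IPSEC_SECRET='...' sh gen-ipsec.sh /tmp/ipsec-out   (assumed output dir)
if [ -n "${1:-}" ]; then
    SECRET=${IPSEC_SECRET:-change-me}   # assumed placeholder; set a real secret
    write_site "$1/left"  3.3.3.3 192.168.1.0/24 4.4.4.4 192.168.2.0/24 "$SECRET"
    write_site "$1/right" 4.4.4.4 192.168.2.0/24 3.3.3.3 192.168.1.0/24 "$SECRET"
fi
```

Copy each directory to /etc/racoon on the matching gateway, then load the SPD with setkey -f setkey.conf before starting racoon; the left-side output is the same as the configuration in the post, and the right-side output is what the peer needs.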