[Vpn-help] Problem Racoon ShrewSoft
AnoniM
anonim at jetline.pl
Tue Jul 14 15:07:08 CDT 2009
What is wrong?
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate "/usr/local/etc/racoon/cert";
log debug2;
listen {
    isakmp 192.168.0.1 [500];
    isakmp_natt 192.168.0.1 [4500];
}
timer
{
    natt_keepalive 15 seconds;
}
#
# Remote Section
#
#
# RSA XAuth Remote Section
#
remote anonymous
{
    exchange_mode main;
    verify_identifier on;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    certificate_type x509 "vpngw.crt" "vpngw.key";
    ca_type x509 "ca.crt";
    passive on;
    generate_policy unique;
    ike_frag on;
    nat_traversal on;
    dpd_delay 30;
    proposal_check claim;
    lifetime time 24 hours;
    proposal
    {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method hybrid_rsa_server;
        dh_group 5;
    }
}
#
# Mode Config Section
#
mode_cfg
{
    network4 192.168.4.1;
    pool_size 253;
    netmask4 255.255.255.0;
    split_network include 192.168.4.0/24;
    conf_source local;
    wins4 192.168.4.200;
    dns4 192.168.4.1;
    banner "/usr/local/etc/racoon/motd";
}
#
# SA Info Section
#
sainfo anonymous
{
    lifetime time 3600 seconds;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_md5,hmac_sha1;
    compression_algorithm deflate;
}
tail -f /var/log/racoon.log
Jul 14 21:59:13 VPN racoon: INFO: respond new phase 1 negotiation: 192.168.0.1[500]<=>192.168.0.2[500]
Jul 14 21:59:13 VPN racoon: INFO: begin Identity Protection mode.
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: RFC 3947
Jul 14 21:59:13 VPN racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: DPD
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: CISCO-UNITY
Jul 14 21:59:13 VPN racoon: INFO: Selected NAT-T version: RFC 3947
Jul 14 21:59:13 VPN racoon: INFO: Adding xauth VID payload.
Jul 14 21:59:13 VPN racoon: WARNING: CR received, ignore it. It should be in other exchange.
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.1[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: NAT-D payload #0 verified
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.2[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: NAT-D payload #1 doesn't match
Jul 14 21:59:13 VPN racoon: INFO: NAT detected: PEER
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.2[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.1[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: Adding remote and local NAT-D payloads.
Jul 14 21:59:13 VPN racoon: INFO: NAT-T: ports changed to: 192.168.0.2[4500]<->192.168.0.1[4500]
Jul 14 21:59:13 VPN racoon: INFO: KA list add: 192.168.0.1[4500]->192.168.0.2[4500]
Jul 14 21:59:13 VPN racoon: WARNING: No ID match.
Jul 14 21:59:13 VPN racoon: ERROR: invalid ID payload.
Jul 14 22:00:03 VPN racoon: ERROR: phase1 negotiation failed due to time up. 5c11cc19a28c2d99:d68593d19a1a750d
Jul 14 22:00:03 VPN racoon: INFO: KA remove: 192.168.0.1[4500]->192.168.0.2[4500]
??????? And what is important, I can't connect from Shrew Soft :(
Please help