OT: a very big problem with ipsec-tools on CentOS5




Hi all,

I am trying to establish a VPN tunnel between a CentOS5 IPsec server and a roadwarrior client, also CentOS5. The roadwarrior uses ipsec-tools version 0.6.5-8 (which comes with CentOS5) and the server uses version 0.7 (downloaded from the ipsec-tools website).

My server configuration is:

path include "/etc/racoon";
path certificate "/etc/racoon/certs";
path pre_shared_key "/etc/racoon/psk.txt";
path pidfile "/var/run/racoon.pid";
#log debug;

listen {
        adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660;
        isakmp 172.28.45.4 [500];
        isakmp_natt 172.28.45.4 [4500];
}

remote anonymous {
        exchange_mode aggressive;
        certificate_type x509 "gwenc.crt" "gwenc.key";
        my_identifier asn1dn;
        proposal_check claim;
        generate_policy on;
        nat_traversal on;
        dpd_delay 20;
        ike_frag on;
        passive on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha256;
                authentication_method hybrid_rsa_server;
                dh_group 2;
        }
}

mode_cfg {
        network4 172.31.78.5;
        netmask4 255.255.255.240;
        pool_size 6;
        dns4 172.25.50.1;
        auth_source pam;
        auth_groups "users";
        group_source system;
        auth_throttle 10;
        pfs_group 2;
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm rijndael;
        authentication_algorithm hmac_sha256;
        compression_algorithm deflate;
}

When I try to connect from the roadwarrior client using xauth, the server returns these errors:

2007-10-13 00:21:52: INFO: ISAKMP-SA established 172.28.45.4[4500]-172.17.35.3[4500] spi:e3ff2f5a0873ff54:ad9b13f8035ec2f2
2007-10-13 00:21:52: INFO: Using port 0
2007-10-13 00:21:52: ERROR: pam_authenticate failed: Authentication failure
2007-10-13 00:21:52: INFO: Released port 0
2007-10-13 00:21:52: INFO: login failed for user "charlie"
2007-10-13 00:21:52: ERROR: Attempt to release an unallocated address (port 0)
2007-10-13 00:21:52: ERROR: mode config 6 from 172.17.35.3[4500], but we have no ISAKMP-SA.
2007-10-13 00:21:52: ERROR: unknown Informational exchange received.

Why? I don't understand. Well, yes, I think that the server doesn't really use the PAM libraries, or the problem is that Linux uses shadow for passwords instead of the passwd file.

I see a lot of websites where this configuration works out of the box, but not for me... I am really desperate.

Many thanks.

P.S.: On the ipsec-tools mailing list I have not received any response.
--
CL Martinez
carlopmart {at} gmail {d0t} com
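
Added example (not part of the original post and not ipsec-tools code): the "login failed for user" line in the log above carries no peer address, so this sketch attributes each failed XAuth login to the peer named in the most recent "ISAKMP-SA established" line and records the PAM reason. It assumes the log format is exactly that of the lines quoted in the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the post above (server side).
SAMPLE_LOG = """\
2007-10-13 00:21:52: INFO: ISAKMP-SA established 172.28.45.4[4500]-172.17.35.3[4500] spi:e3ff2f5a0873ff54:ad9b13f8035ec2f2
2007-10-13 00:21:52: INFO: Using port 0
2007-10-13 00:21:52: ERROR: pam_authenticate failed: Authentication failure
2007-10-13 00:21:52: INFO: Released port 0
2007-10-13 00:21:52: INFO: login failed for user "charlie"
2007-10-13 00:21:52: ERROR: Attempt to release an unallocated address (port 0)
2007-10-13 00:21:52: ERROR: mode config 6 from 172.17.35.3[4500], but we have no ISAKMP-SA.
2007-10-13 00:21:52: ERROR: unknown Informational exchange received.
"""

LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): (.*)$')
SA_UP = re.compile(r'^ISAKMP-SA established \S+\[\d+\]-(\S+)\[\d+\] spi:')
PAM_FAIL = re.compile(r'^pam_authenticate failed: (.*)$')
LOGIN_FAIL = re.compile(r'^login failed for user "(.*)"$')

def xauth_failures(log_text):
    """Return one dict per failed XAuth login.

    Assumption: the failure belongs to the peer of the most recent phase 1 SA.
    With several peers negotiating at once this attribution is only a hint.
    """
    peer, reason, events = None, None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the quoted format
        ts, _level, msg = m.groups()
        if (sa := SA_UP.match(msg)):
            peer, reason = sa.group(1), None
        elif (pf := PAM_FAIL.match(msg)):
            reason = pf.group(1)
        elif (lf := LOGIN_FAIL.match(msg)):
            events.append({"time": ts, "peer": peer,
                           "user": lf.group(1), "pam_reason": reason})
            reason = None
    return events

def failures_per_peer(events):
    """Count failed logins per remote address, e.g. to feed an alert threshold."""
    return Counter(e["peer"] for e in events)
```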