Hi,
I'm trying to set up an IPSec VPN between our RHEL box and a remote Cisco router. I've managed to circumvent various bugs and potholes, but I'm still having some trouble.
Here is my ifcfg-ipsec0 config:
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD="PSK"
DST=194.73.118.113
SRCNET=172.18.100.0/24
DSTNET=145.224.7.0/24
Here is my /etc/racoon/racoon.conf file:
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
sainfo anonymous
{
    pfs_group 2;
    lifetime time 1 hour ;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}
include "/etc/racoon/194.73.118.113.conf";
and here is my generated /etc/racoon/194.73.118.113.conf file:
remote 194.73.118.113
{
    exchange_mode aggressive, main;
    my_identifier address;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2 ;
    }
}
I get no errors or messages in the system log at all when I bring the interface up (with /sbin/ifup ipsec0). However, I receive the following reply on the console:
RTNETLINK answers: Network is unreachable
I did receive the following messages the very first time I tried to bring the interface up with this new config:
racoon: INFO: isakmp.c:1387:isakmp_open(): 172.18.100.1[500] used as isakmp port (fd=7)
racoon: INFO: isakmp.c:1387:isakmp_open(): 62.189.139.36[500] used as isakmp port (fd=8)
racoon: INFO: isakmp.c:1387:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=9)
but the interface still failed to activate. These messages don't appear in the log any more...
Any suggestions would be much appreciated.
Thanks,
Matt