I have a site-to-site VPN between these two:

1. FreeBSD 7.2-RELEASE-p4, racoon, ipsec-tools-0.7.3
2. Symantec VPN 100, (also known as "Nexland Pro 800")

I have intermittent connection problems between these two and I can't seem to identify what the problem is. I realize the complexity and challenge in getting two different ipsec-boxes talking to each other but I thought I would have a go before I replace the Symantec-box.

If I restart racoon or wait approximately 30 min the connection is re-established.

What would be the obvious way to debug this? Any suggestions on what to tweak appreciated.

//Jon

Info:

Keying: IKE PSK

Phase1:
  encryption: DES
  Authentication: MD5
  SA Lifetime: 28800 seconds

Phase2:
  Encryption: DES
  Authentication: MD5
  SA Lifetime: 3600 seconds

racoon.conf:

    path pre_shared_key "/usr/local/etc/racoon/psk.txt";
    log info;

    padding # options are not to be changed
    {
            maximum_length 20;
            randomize off;
            strict_check off;
            exclusive_tail off;
    }

    timer
    {
            counter 5;
            interval 10 sec;
            persend 1;
            phase1 30 sec;
            phase2 15 sec;
    }

    listen
    {
            isakmp local.ip.address [500];
    }

    remote re.mote.ip.address [500]
    {
            exchange_mode aggressive,main;
            doi ipsec_doi;
            situation identity_only;
            my_identifier address local.ip.address;
            peers_identifier address re.mote.ip.address;
            initial_contact on;
            lifetime time 8 hour;
            passive off;
            proposal_check obey;
            generate_policy off;

            proposal {
                    encryption_algorithm des;
                    hash_algorithm md5;
                    authentication_method pre_shared_key;
                    lifetime time 30 sec;
                    dh_group 1;
            }
    }

    sainfo (address 192.168.1.0/24 any address 192.168.100.0/24 any)
    {
            pfs_group 1;
            lifetime time 3600 sec;
            encryption_algorithm des;
            authentication_algorithm hmac_md5,hmac_sha1;
            compression_algorithm deflate;
    }
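Added example, not part of the original post: one check that helps when two different IPsec implementations must agree is to extract every `lifetime time` statement from racoon.conf and compare it with the values set on the peer. The sample config is a constructed excerpt modelled on the one posted, the function names are hypothetical, and the script assumes that a lifetime inside `proposal` is the phase 1 value (racoon.conf(5) allows it to be specified individually in each proposal).

```python
import re

# Constructed excerpt modelled on the racoon.conf in the post; the peer
# address is a documentation placeholder and braces share a line with the
# block keyword.
SAMPLE_CONF = """
remote 203.0.113.2 [500] {
    lifetime time 8 hour;
    proposal {
        encryption_algorithm des;
        hash_algorithm md5;
        lifetime time 30 sec;
        dh_group 1;
    }
}
sainfo (address 192.168.1.0/24 any address 192.168.100.0/24 any) {
    pfs_group 1;
    lifetime time 3600 sec;
}
"""

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600}

def lifetimes(conf):
    """Map each block path (e.g. 'remote/proposal') to its lifetime in seconds."""
    found, stack = {}, []
    for raw in conf.splitlines():
        line = raw.split("#")[0].strip()
        if line.endswith("{"):
            stack.append(line.split()[0])      # entering remote/proposal/sainfo
        elif line == "}":
            stack.pop()
        else:
            m = re.match(r"lifetime\s+time\s+(\d+)\s*(sec|min|hour)", line)
            if m:
                found["/".join(stack)] = int(m.group(1)) * UNIT_SECONDS[m.group(2)]
    return found

def lifetime_mismatches(conf, peer_phase1, peer_phase2):
    """List the lifetimes that differ from what the peer is configured with."""
    got = lifetimes(conf)
    expected = {"remote/proposal": peer_phase1, "sainfo": peer_phase2}
    return [f"{path}: {got.get(path)}s here, {want}s on peer"
            for path, want in expected.items() if got.get(path) != want]

if __name__ == "__main__":
    # Peer values as listed in the post: phase 1 28800 s, phase 2 3600 s.
    for issue in lifetime_mismatches(SAMPLE_CONF, 28800, 3600):
        print(issue)
```

On the constructed excerpt this reports the proposal-level lifetime of 30 seconds against the 28800 seconds listed for phase 1.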