I start my IPsec use IPsec-tools.I configure two files that are /etc/racoon/racoon.conf and /etc/racoon/setkey.sh.
That is my racoon.conf
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

listen
{
isakmp 2001:328:2003:2::5;
}

remote 2001:328:2003:2::10
{
exchange_mode main;
lifetime time 24 hour;
proposal
{
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
}

sainfo address 2001:328:2003:2::5 any address 2001:328:2003:2::10 any
{
lifetime time 1 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}

sainfo address 2001:328:2003:2::10 any address 2001:328:2003:2::5 any
{
lifetime time 1 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}

include "/etc/racoon/192.168.1.5.conf";
include "/etc/racoon/192.168.1.2.conf";
include "/etc/racoon/2001:328:2003:2::2.conf";
include "/etc/racoon/2001:328:2003:2::10.conf";

my "setkey.sh"

#!/sbin/setkey -f
flush;
spdflush;
spdadd 2001:328:2003:2::1 2001:328:2003:2::2 any -P out ipsec esp/transport//require;
spdadd 2001:328:2003:2::2 2001:328:2003:2::1 any -P in ipsec esp/transport//require;

then i tye setkey -D
[root@mailv6 racoon]# setkey -D
No SAD entries.


Thanks.

My kernel version is 2.6.15-1.2054_FC5 ,so should I recompile my kernle to support IPsec?
Thanks.

Look into this url,it may be of some help:

driving traffic not allowed here!

Please, don't resurrect ancient threads only to promote your own site. This is in violation of the LQ rules:
This thread closed.