LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 05-03-2012, 12:10 PM   #1
genderbender
Member
 
Registered: Jan 2005
Location: US
Distribution: Centos, Ubuntu, Solaris, Redhat
Posts: 396

Rep: Reputation: 31
Help with racoon, ipsec and opennhrp


I've been following the guide wrote on the following website: http://patrickpreuss.wordpress.com/2...pn-with-linux/ The idea being to setup DMVPN. The guide works well, however after a short period all my ping packets to the routers are dropped. Desperate for help with this one guys.

My config is *slightly* different to the users; will post the relevant bits now:

opennhrp.conf:
Code:
interface gre1
  map 10.161.1.1/24 remoteIP register cisco
  map 10.161.1.2/24 remoteIP register cisco
  redirect
  holding-time 60
  shortcut

interface eth0:0
 shortcut-destination
racoon.conf
Code:
log debug2;
path pre_shared_key "/etc/psk.txt";

padding
{
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
}

remote anonymous
{
        exchange_mode aggressive,main;
        lifetime time 3 hour;
        nat_traversal on;
        ike_frag on;
        script "/etc/opennhrp/racoon-ph1down.sh" phase1_down;
        script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
        dpd_delay 20;
        rekey force;
        passive on;
        proposal
        {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
sainfo anonymous
{
        pfs_group 2;
        lifetime time 3 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}
ipsec-tools.conf
Code:
#!/sbin/setkey -f
spdflush;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
Thanks - if you see anything wrong anywhere or anyway to debug, please let me know.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Idle timeout in IPSEC using racoon tusharsharma43 Linux - Security 0 12-06-2011 12:11 AM
help with racoon/ipsec cizzi Linux - Security 1 10-25-2009 04:20 PM
ipsec-tools: How Racoon works? zivota Linux - Software 1 09-02-2009 12:48 AM
ipsec (racoon, setkey) and traffic supaflyzzz Linux - Security 3 02-24-2009 07:58 AM
IPsec : Problem with racoon HaPagan Linux - Security 1 11-30-2005 01:23 AM


All times are GMT -5. The time now is 06:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration