LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 03-21-2012, 07:47 PM   #1
grog_7
LQ Newbie
 
Registered: Sep 2003
Distribution: Red Hat and derivatives
Posts: 2

Rep: Reputation: 0
Racoon 0.8 to Juniper VPN will only connect to one network at a time


I'm trying to set up a dial-up VPN from a CentOS 5.6 host. It has ipsec-tools 0.8.0 installed. I'm connecting to a Juniper SSG-140. I have two networks behind the Juniper that I'm trying to access via the VPN (192.168.208.0/20 and 10.0.0.0/22). The VPN comes up and passes traffic, but only to the first network I try to access.

So, I start up Racoon, ping 192.168.208.1, and it works. Pinging 10.0.0.1 gets no response. If I reset everything and bring the VPN back up, then ping 10.0.0.1, it works. But now 192.168.208.1 doesn't.

I followed this guide for setup.

My racoon config, where 1.1.1.1 is the Juniper, and 2.2.2.2 is the static IP of my Linux host.

Code:
#/etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";

log debug;

# Remote host (the Juniper): phase 1 in aggressive mode with a PSK,
# identified by a user FQDN, as the Juniper dial-up VPN expects
remote 1.1.1.1
{
        exchange_mode aggressive;
        my_identifier user_fqdn "someone@somewhere.com";
        lifetime time 28800 sec;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

# Phase 2 (proxy IDs): this host <-> first network behind the Juniper
sainfo address 2.2.2.2 any address 192.168.208.0/20 any
{
        pfs_group modp1024;
        lifetime time 3600 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
# Phase 2 (proxy IDs): this host <-> second network behind the Juniper
sainfo address 2.2.2.2 any address 10.0.0.0/22 any
{
        pfs_group modp1024;
        lifetime time 3600 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
I initially tried a single "sainfo anonymous" block, but I got the same results. I thought that maybe by manually specifying the SAs it might force the issue.


My racoonctl show-sa esp output:

Code:
# racoonctl show-sa esp
2.2.2.2 1.1.1.1 
        esp mode=tunnel spi=287320847(0x11202b0f) reqid=0(0x00000000)
        E: 3des-cbc  9061b7a5 ceeb69c7 d81986a2 9658ea35 bf7d67cd 5a1b31a2
        A: hmac-sha1  bd1bc139 7af2d499 6eb8bfce 225a73d3 36a27477
        seq=0x00000000 replay=4 flags=0x00000000 state=mature 
        created: Mar 21 16:06:03 2012   current: Mar 21 16:42:26 2012
        diff: 2183(s)   hard: 3600(s)   soft: 2880(s)
        last: Mar 21 16:06:03 2012      hard: 0(s)      soft: 0(s)
        current: 106640(bytes)  hard: 0(bytes)  soft: 0(bytes)
        allocated: 786  hard: 0 soft: 0
        sadb_seq=1 pid=16792 refcnt=0
1.1.1.1 2.2.2.2 
        esp mode=tunnel spi=58380056(0x037acf18) reqid=0(0x00000000)
        E: 3des-cbc  746e14b2 dcbae3de d6ac0c34 bf066ff1 c87d9df5 b57999be
        A: hmac-sha1  f499d9a3 47f7eae2 8f3f8382 35319197 9c3689b3
        seq=0x00000000 replay=4 flags=0x00000000 state=mature 
        created: Mar 21 16:06:03 2012   current: Mar 21 16:42:26 2012
        diff: 2183(s)   hard: 3600(s)   soft: 2880(s)
        last: Mar 21 16:06:03 2012      hard: 0(s)      soft: 0(s)
        current: 65432(bytes)   hard: 0(bytes)  soft: 0(bytes)
        allocated: 782  hard: 0 soft: 0
        sadb_seq=0 pid=16792 refcnt=0
Any help would be appreciated, and I can post my Juniper config if it's relevant. Thanks!
 
Old 03-23-2012, 05:55 PM   #2
grog_7
LQ Newbie
 
Registered: Sep 2003
Distribution: Red Hat and derivatives
Posts: 2

Original Poster
Rep: Reputation: 0
Solved! I emailed the ipsec-tools-users mailing list and got some help.

The solution was in my ipsec.conf. I had a "require" clause at the end of each directive, and needed "unique". Switched that, and now both networks are available.
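The change the poster describes, written out as an added example of the setkey policy file (/etc/racoon/ipsec.conf) in its broken and working forms. This is not the poster's file, which is not shown in the thread; the addresses and networks are the ones named in the first post, and the policies assume the Linux host itself (2.2.2.2/32) is the only local endpoint, as for a dial-up client. Note the reqid=0 on both SAs in the posted racoonctl output: that is the symptom of the "require" level, under which the kernel lets every matching policy share one SA pair.

```conf
#!/usr/sbin/setkey -f
# /etc/racoon/ipsec.conf  (added example, not the poster's own file)
# 2.2.2.2 = Linux host (dial-up client), 1.1.1.1 = Juniper SSG-140
flush;
spdflush;

# Broken form: with level "require", both policies are satisfied by the same
# ESP tunnel SA (reqid=0), so racoon negotiates one phase-2 SA pair carrying
# the proxy IDs of whichever network was reached first. Traffic for the other
# network is then sent through an SA whose proxy IDs the Juniper will not
# accept for it, and only one network works at a time.
#
# spdadd 2.2.2.2/32 192.168.208.0/20 any -P out ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
# spdadd 192.168.208.0/20 2.2.2.2/32 any -P in  ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
# spdadd 2.2.2.2/32 10.0.0.0/22      any -P out ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
# spdadd 10.0.0.0/22 2.2.2.2/32      any -P in  ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;

# Working form: level "unique" binds each policy to its own SA (its own
# non-zero reqid), so racoon negotiates a separate phase-2 SA pair per
# network, each with the proxy IDs the corresponding sainfo block describes.
spdadd 2.2.2.2/32 192.168.208.0/20 any -P out ipsec esp/tunnel/2.2.2.2-1.1.1.1/unique;
spdadd 192.168.208.0/20 2.2.2.2/32 any -P in  ipsec esp/tunnel/1.1.1.1-2.2.2.2/unique;
spdadd 2.2.2.2/32 10.0.0.0/22      any -P out ipsec esp/tunnel/2.2.2.2-1.1.1.1/unique;
spdadd 10.0.0.0/22 2.2.2.2/32      any -P in  ipsec esp/tunnel/1.1.1.1-2.2.2.2/unique;
```

Load it with `setkey -f /etc/racoon/ipsec.conf` before starting racoon, then confirm with `setkey -DP` that each policy shows its own reqid and with `racoonctl show-sa esp` that two SA pairs with different non-zero reqid values come up once both networks have been pinged.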