LinuxQuestions.org > Linux - Security
#1  10-25-2009, 01:01 PM  cizzi (Member; Registered: Jun 2001; Distribution: Gentoo; Posts: 138)
help with racoon/ipsec


I'm trying to get ipsec/racoon working so all my wlan/lan connections are encrypted, but I have errors. Here's the output of racoon -F after I tried to do a telnet:

root@country:/etc/racoon# racoon -F
Foreground mode.
2009-10-25 13:57:35: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2009-10-25 13:57:35: INFO: @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/)
2009-10-25 13:57:35: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2009-10-25 13:57:35: INFO: Resize address pool from 0 to 255
2009-10-25 13:57:35: INFO: 127.0.0.1[500] used as isakmp port (fd=6)
2009-10-25 13:57:35: INFO: 127.0.0.1[500] used for NAT-T
2009-10-25 13:57:35: INFO: 192.168.0.249[500] used as isakmp port (fd=7)
2009-10-25 13:57:35: INFO: 192.168.0.249[500] used for NAT-T
2009-10-25 13:57:35: INFO: 192.168.122.1[500] used as isakmp port (fd=8)
2009-10-25 13:57:35: INFO: 192.168.122.1[500] used for NAT-T
2009-10-25 13:57:35: INFO: ::1[500] used as isakmp port (fd=9)
2009-10-25 13:57:35: INFO: fe80::219:d1ff:fe08:132e%eth0[500] used as isakmp port (fd=10)
2009-10-25 13:57:35: INFO: fe80::fcd8:1fff:fe15:21f1%virbr0[500] used as isakmp port (fd=11)
2009-10-25 13:57:47: INFO: IPsec-SA request for 10.0.2.15 queued due to no phase1 found.
2009-10-25 13:57:47: INFO: initiate new phase 1 negotiation: 192.168.0.249[500]<=>10.0.2.15[500]
2009-10-25 13:57:47: INFO: begin Aggressive mode.
2009-10-25 13:58:18: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 10.0.2.15[0]->192.168.0.249[0]
2009-10-25 13:58:18: INFO: delete phase 2 handler.

Both my racoon.conf files are identical, as follows:

root@country:/etc/racoon# cat racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous
{
        exchange_mode aggressive,main;
        doi ipsec_doi;
        situation identity_only;

        my_identifier address;

        lifetime time 2 min;   # sec,min,hour
        initial_contact on;
        proposal_check obey;   # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 1;
        lifetime time 2 min;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

and I also have a file called rules which I run:

#!/usr/sbin/setkey -f
flush;
spdflush;

spdadd 192.168.0.249 10.0.2.15 any -P out ipsec
esp/transport//require;

spdadd 10.0.2.15 192.168.0.249 any -P in ipsec
esp/transport//require;

The other machine has the same file,

and lastly I have the password file:

root@country:/etc/racoon# cat psk.txt
# IPv4/v6 addresses
10.0.2.15 testpw
root@country:/etc/racoon#

The other host has this file, but with the other host's IP and the same password.

I need to know why it's not working and how to troubleshoot it. Thanks.
 
#2  10-25-2009, 03:20 PM  cizzi (Original Poster)
I figured it out. I was using 10.0.2.15 in my Windows VirtualBox machine and that seemed to be the problem; using another host on the 192.168.0 subnet fixed the problem.
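The log in post #1 shows the whole failure: racoon initiates phase 1 towards 10.0.2.15, begins aggressive mode, and thirty seconds later gives up because no reply ever came back, which is exactly what post #2's explanation (a VirtualBox NAT guest that the host cannot reach) predicts. The following triage script is an added example and is not part of the original posts: it embeds the poster's racoon -F output, setkey rules, psk.txt and a trimmed copy of racoon.conf as constructed data, then reports for each SPD peer whether a pre-shared key exists and how phase 1 ended, and flags the configuration choices a reviewer would want changed (aggressive mode with a PSK, Diffie-Hellman groups 1 and 2). Two things are assumptions rather than taken from the page: the wording of racoon's "ISAKMP-SA established" success line, and the hint that 10.0.2.0/24 is VirtualBox's default NAT guest range.

```python
# Added example (not from the original post): triage a racoon transport-mode setup
# whose phase 1 never completes. Embedded data is copied from the post; the
# "ISAKMP-SA established" log wording and the 10.0.2.0/24 VirtualBox hint are assumptions.
import re

LOCAL_IP = "192.168.0.249"  # the poster's host
RACOON_LOG = """\
2009-10-25 13:57:47: INFO: IPsec-SA request for 10.0.2.15 queued due to no phase1 found.
2009-10-25 13:57:47: INFO: initiate new phase 1 negotiation: 192.168.0.249[500]<=>10.0.2.15[500]
2009-10-25 13:57:47: INFO: begin Aggressive mode.
2009-10-25 13:58:18: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 10.0.2.15[0]->192.168.0.249[0]
"""
SETKEY_RULES = """\
spdadd 192.168.0.249 10.0.2.15 any -P out ipsec
esp/transport//require;
spdadd 10.0.2.15 192.168.0.249 any -P in ipsec
esp/transport//require;
"""
PSK_TXT = "# IPv4/v6 addresses\n10.0.2.15 testpw\n"
RACOON_CONF = """\
remote anonymous { exchange_mode aggressive,main;
  proposal { encryption_algorithm 3des; hash_algorithm sha1;
             authentication_method pre_shared_key; dh_group 2 ; } }
sainfo anonymous { pfs_group 1; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; }
"""

_INIT = re.compile(r"initiate new phase 1 negotiation: (\S+)\[\d+\]<=>(\S+)\[\d+\]")
_ESTAB = re.compile(r"ISAKMP-SA established (\S+)\[\d+\]-(\S+)\[\d+\]")  # assumed wording
_TIMEOUT = re.compile(r"time up waiting for phase1\. ESP (\S+)\[\d+\]->(\S+)\[\d+\]")
_SPD = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(?:in|out)")
WEAK_DH = {"1": "768-bit MODP", "2": "1024-bit MODP"}

def phase1_outcomes(log, local_ip):
    """Map each peer to pending / established / timeout from racoon -F output."""
    state = {}
    for line in log.splitlines():
        for rx, result in ((_INIT, "pending"), (_ESTAB, "established"), (_TIMEOUT, "timeout")):
            m = rx.search(line)
            if m:  # the peer is whichever logged address is not our own
                peer = m.group(2) if m.group(1) == local_ip else m.group(1)
                if result != "timeout" or state.get(peer) != "established":
                    state[peer] = result
                break
    return state

def spd_peers(rules, local_ip):
    """Peer addresses named in setkey spdadd lines (prefix length and port stripped)."""
    peers = set()
    for src, dst in _SPD.findall(rules):
        for addr in (src, dst):
            addr = re.split(r"[/\[]", addr)[0]
            if addr != local_ip:
                peers.add(addr)
    return peers

def psk_peers(text):
    """identifier -> key from psk.txt, skipping blank lines and # comments."""
    keys = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            keys[parts[0]] = parts[1].strip()
    return keys

def _setting(conf, name):
    """First value of a racoon.conf directive, or None."""
    m = re.search(r"\b%s\s+([^;]+);" % name, conf)
    return m.group(1).strip() if m else None

def conf_warnings(conf):
    """Settings that are not bugs but that a reviewer would want changed."""
    warns = []
    modes = [x.strip() for x in (_setting(conf, "exchange_mode") or "").split(",")]
    if "aggressive" in modes and _setting(conf, "authentication_method") == "pre_shared_key":
        warns.append("exchange_mode aggressive with pre_shared_key: identities and the PSK-keyed hash "
                     "are sent before encryption starts, so a capture can be cracked offline; use main")
    for key in ("dh_group", "pfs_group"):
        val = _setting(conf, key)
        if val in WEAK_DH:
            warns.append(f"{key} {val}: {WEAK_DH[val]} is too small, use group 14 or larger")
    return warns

def triage(log, rules, psk, conf, local_ip):
    """One or more findings per SPD peer, then configuration warnings."""
    findings = []
    keys, outcomes = psk_peers(psk), phase1_outcomes(log, local_ip)
    for peer in sorted(spd_peers(rules, local_ip)):
        if peer not in keys:
            findings.append(f"{peer}: no entry in psk.txt, phase 1 would fail authentication")
        state = outcomes.get(peer, "not attempted")
        if state == "timeout":
            findings.append(f"{peer}: phase 1 initiated but the peer never answered on UDP/500; "
                            "check reachability, that racoon listens there, and any NAT in the path")
            if peer.startswith("10.0.2."):  # assumption: VirtualBox's default NAT guest range
                findings.append(f"{peer}: a VirtualBox NAT-mode guest is unreachable from outside "
                                "unless a port is forwarded, so IKE initiated from the host never arrives")
        else:
            findings.append(f"{peer}: phase 1 {state}")
    return findings + ["racoon.conf: " + w for w in conf_warnings(conf)]
```

Calling triage(RACOON_LOG, SETKEY_RULES, PSK_TXT, RACOON_CONF, LOCAL_IP) on the poster's data yields the timeout finding and the VirtualBox hint for 10.0.2.15, followed by the warnings about aggressive mode with a PSK and the 1024-bit and 768-bit Diffie-Hellman groups; feed it the racoon -F output from a healthy run and the same peer comes back as "phase 1 established".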