Linux Racoon IPSec Configuration Question

danmartinj · 01-16-2016, 05:32 PM

Hello,

I have been trying to figure out how I can setup null encryption within IPSec for protocol testing. I was originally referred to StrongSwan but raccoon seemed simpler to use. I am currently testing on Debian 7.4.

My configuration file basically looks like this:

Code:

log notify;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

remote 192.168.3.1 {
        exchange_mode main,aggressive;
        proposal {
                encryption_algorithm null_enc;
#                hash_algorithm sha1;
                authentication_method pre_shared_key;
#                dh_group 2;
        }
        generate_policy off;
}

sainfo address 10.3.0.0/16 any address 10.2.0.0/16 any {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm null_enc;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

By changing encryption to des I can get IPSec to work. However, using null or null_enc I get error messages such as:

Quote:

Jan 16 18:30:01 tester racoon: INFO: Reading configuration from "/etc/racoon/racoon.conf"
Jan 16 18:30:01 tester racoon: ERROR: /etc/racoon/racoon.conf:26: ";" algorithm mismatched 1
Jan 16 18:30:01 tester racoon: ERROR: fatal parse failure (1 errors)

I know I have Kernel module support for NULL encryption so at this point I don't know exactly what to do. Perhaps someone has some suggestions or comments?

Thanks,

Joe

danmartinj · 01-18-2016, 01:03 PM

To answer my own post I could not get null encryption to work with raccoon. I actually went back to strongswan. Sure it seems more complex "to me it did at least" but it is actually even simpler to setup then raccoon and it just works. So my suggestion if anyone has the same problem stick with strong swan.