Having followed this documentation over and over again:

http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/security-guide/s1-ipsec-host2host.html

One machine is FC3, the other RHEL4 (pretty similar). I cannot get these 2 hosts that are on the same network to pass any traffic to each other. I see that the tunnel is established,

Mar 4 17:40:09 saturn racoon: INFO: unsupported PF_KEY message REGISTER
Mar 4 17:40:25 saturn racoon: INFO: respond new phase 1 negotiation: 192.168.0.200[500]<=>192.168.0.203[500]
Mar 4 17:40:25 saturn racoon: INFO: begin Aggressive mode.
Mar 4 17:40:25 saturn racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Mar 4 17:40:25 saturn racoon: INFO: ISAKMP-SA established 192.168.0.200[500]-192.168.0.203[500] spi:e4dc7a800a339f4a:f2247856aa9a0c57
Mar 4 17:40:26 saturn racoon: INFO: respond new phase 2 negotiation: 192.168.0.200[0]<=>192.168.0.203[0]
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.203->192.168.0.200 spi=54093889(0x3396841)
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.203->192.168.0.200 spi=44115096(0x2a12498)
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.200->192.168.0.203 spi=264377756(0xfc2159c)
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.200->192.168.0.203 spi=232232718(0xdd7970e)

but then when I try to connect from one machine to the other I get:

# telnet 192.168.0.200 389
Trying 192.168.0.200...
telnet: connect to address 192.168.0.200: Resource temporarily unavailable
telnet: Unable to connect to remote host: Resource temporarily unavailable

Is this a bug?
/etc/racoon/racoon.conf:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug;

remote anonymous
{
        exchange_mode aggressive,main,base;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}

# cat /etc/sysconfig/network-scripts/ifcfg-ipsec0
DEVICE=ipsec0
DST=192.168.0.200
TYPE=IPsec
ONBOOT=yes
IKE_METHOD=PSK

--
slr.
b0n0b0 #qmail on efnet
key: 0x0B65ABDC - http://wwwkeys.pgp.net:11371
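
Added example, not part of the original post: a Python check that parses racoon "IPsec-SA established" lines like the ones quoted above and reports which protocol and direction combinations between the two hosts have no SA, plus the encapsulation mode the log records. The function names are hypothetical, and the sample input is the four IPsec-SA lines copied from the post.

```python
import re

# Sample input: the four IPsec-SA lines quoted in the post above.
SAMPLE_LOG = """\
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.203->192.168.0.200 spi=54093889(0x3396841)
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.203->192.168.0.200 spi=44115096(0x2a12498)
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.200->192.168.0.203 spi=264377756(0xfc2159c)
Mar 4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.200->192.168.0.203 spi=232232718(0xdd7970e)
"""

# Matches the phase 2 result lines racoon writes to syslog in this format.
SA_RE = re.compile(
    r"IPsec-SA established: (?P<proto>AH|ESP)/(?P<mode>Transport|Tunnel) "
    r"(?P<src>[\d.]+)->(?P<dst>[\d.]+) spi=(?P<spi>\d+)\(0x[0-9a-f]+\)"
)


def parse_sas(log_text):
    """Return one dict (proto, mode, src, dst, spi) per established SA."""
    return [m.groupdict() for m in SA_RE.finditer(log_text)]


def missing_sas(sas, host_a, host_b, protos=("AH", "ESP")):
    """List (proto, src, dst) combinations that have no established SA.

    IPsec SAs are unidirectional, so each protocol needs one SA per direction.
    """
    seen = {(s["proto"], s["src"], s["dst"]) for s in sas}
    wanted = [(p, src, dst)
              for p in protos
              for src, dst in ((host_a, host_b), (host_b, host_a))]
    return [w for w in wanted if w not in seen]


def sa_modes(sas):
    """Return the set of encapsulation modes seen (Transport and/or Tunnel)."""
    return {s["mode"] for s in sas}


if __name__ == "__main__":
    sas = parse_sas(SAMPLE_LOG)
    print("SAs found:", len(sas), "modes:", sorted(sa_modes(sas)))
    gaps = missing_sas(sas, "192.168.0.200", "192.168.0.203")
    print("missing:", gaps if gaps else "none, all four SAs are present")
```

An empty result only shows that the IKE negotiation completed for every direction; it says nothing about whether packets matching the policy are then delivered.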