IPSec Woes...

Having followed this documentation over and over again: 
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/security-guide/s1-ipsec-host2host.html

One machine is FC3 the other RHEL4 (pretty similar)

I cannot get these 2 hosts that are on the same network to pass any traffic to 
each other. I see that the tunnel is established,

Mar  4 17:40:09 saturn racoon: INFO: unsupported PF_KEY message REGISTER
Mar  4 17:40:25 saturn racoon: INFO: respond new phase 1 negotiation: 192.168.0.200[500]<=>192.168.0.203[500]
Mar  4 17:40:25 saturn racoon: INFO: begin Aggressive mode.
Mar  4 17:40:25 saturn racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Mar  4 17:40:25 saturn racoon: INFO: ISAKMP-SA established 192.168.0.200[500]-192.168.0.203[500] spi:e4dc7a800a339f4a:f2247856aa9a0c57
Mar  4 17:40:26 saturn racoon: INFO: respond new phase 2 negotiation: 192.168.0.200[0]<=>192.168.0.203[0]
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.203->192.168.0.200 spi=54093889(0x3396841)
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.203->192.168.0.200 spi=44115096(0x2a12498)
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.200->192.168.0.203 spi=264377756(0xfc2159c)
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.200->192.168.0.203 spi=232232718(0xdd7970e)

but then when I try to connect from one machine to the other I get:

# telnet 192.168.0.200 389
Trying 192.168.0.200...
telnet: connect to address 192.168.0.200: Resource temporarily unavailable
telnet: Unable to connect to remote host: Resource temporarily unavailable

Is this a bug? 

/etc/racoon/racoon.conf:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug;

# Phase 1 (ISAKMP-SA) settings, applied to any peer
remote anonymous
{
        exchange_mode aggressive,main,base;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Phase 2 (IPsec-SA) settings, applied to any selector
sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm 3des, blowfish 448, rijndael;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}

# cat /etc/sysconfig/network-scripts/ifcfg-ipsec0
DEVICE=ipsec0
DST=192.168.0.200
TYPE=IPsec
ONBOOT=yes
IKE_METHOD=PSK

-- 
slr.
b0n0b0 #qmail on efnet
key: 0x0B65ABDC - http://wwwkeys.pgp.net:11371
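The log above shows the part of the picture that is easy to misread: phase 1 and phase 2 both completed, and racoon installed an AH and an ESP SA in each direction. A quick way to confirm that before looking elsewhere (policy, firewall, routing) is to parse the "IPsec-SA established" lines and check that every host pair has an SA in both directions for each protocol and that the decimal and hex SPI values agree. The script below is an added example, not code from the original post or from the racoon project; it assumes only the log line format shown above, and the sample log is the post's own four SA lines re-joined onto one line each.

```python
"""Sanity-check racoon 'IPsec-SA established' log lines.

Added example, not part of the original post. Given racoon log output,
list the negotiated phase 2 SAs and confirm that each host pair has an SA
in both directions for every protocol it negotiated, and that the decimal
and hex SPI values in each line agree. If this passes and traffic still
does not flow, SA negotiation is not the problem.
"""
import re
from collections import defaultdict

# Constructed sample: the SA lines from the post, one record per line
# (the mailer had wrapped them at 80 columns).
SAMPLE_LOG = """\
Mar  4 17:40:25 saturn racoon: INFO: ISAKMP-SA established 192.168.0.200[500]-192.168.0.203[500] spi:e4dc7a800a339f4a:f2247856aa9a0c57
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.203->192.168.0.200 spi=54093889(0x3396841)
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.203->192.168.0.200 spi=44115096(0x2a12498)
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: AH/Transport 192.168.0.200->192.168.0.203 spi=264377756(0xfc2159c)
Mar  4 17:40:27 saturn racoon: INFO: IPsec-SA established: ESP/Transport 192.168.0.200->192.168.0.203 spi=232232718(0xdd7970e)
"""

# Matches the phase 2 lines only; the ISAKMP-SA (phase 1) line is ignored.
SA_RE = re.compile(
    r"IPsec-SA established: (?P<proto>AH|ESP)/(?P<mode>Transport|Tunnel) "
    r"(?P<src>[0-9.]+)->(?P<dst>[0-9.]+) spi=(?P<dec>\d+)\(0x(?P<hex>[0-9a-fA-F]+)\)"
)


def parse_sas(log_text):
    """Return one dict per 'IPsec-SA established' line in log_text."""
    sas = []
    for line in log_text.splitlines():
        m = SA_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["spi"] = int(rec.pop("dec"))          # decimal SPI as printed
        rec["spi_hex"] = int(rec.pop("hex"), 16)  # the parenthesised hex SPI
        sas.append(rec)
    return sas


def check_sas(sas):
    """Report one-directional SAs and inconsistent SPI values.

    Returns a dict with:
      pairs        - unordered host pair -> set of protocols negotiated
      missing      - (proto, mode, src, dst) tuples for which no SA exists
                     although the reverse direction does
      spi_mismatch - SA records whose decimal and hex SPI disagree
    """
    seen = {(s["proto"], s["mode"], s["src"], s["dst"]) for s in sas}
    missing = sorted(
        (p, m, dst, src) for (p, m, src, dst) in seen
        if (p, m, dst, src) not in seen
    )
    spi_mismatch = [s for s in sas if s["spi"] != s["spi_hex"]]
    pairs = defaultdict(set)
    for p, m, src, dst in seen:
        pairs[frozenset((src, dst))].add(p)
    return {"pairs": dict(pairs), "missing": missing, "spi_mismatch": spi_mismatch}


if __name__ == "__main__":
    result = check_sas(parse_sas(SAMPLE_LOG))
    for hosts, protos in result["pairs"].items():
        print("pair", sorted(hosts), "protocols", sorted(protos))
    print("missing reverse SAs:", result["missing"])
    print("SPI mismatches:", result["spi_mismatch"])
```

On the post's log the check comes back clean: one host pair, AH and ESP in both directions, all SPIs consistent. That is the useful conclusion for this kind of "tunnel up, no traffic" report: the SAs exist, so the next things to inspect are the kernel's security policies and any packet filter between the two hosts rather than the IKE configuration.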

