Hi, I have a problem with vpn site-to-site with two end-point then are two static public ip.
On one point I use FC3 with kernel 2.6 and on another point I use FC1 with kernel 2.4.
The authentication method then I have used is rsa key, on both end-point I have generated key in this mode:
#ipsec newhostkey --output /etc/ipsec.secrets
..and my ipsec.conf is:
config setup
# eth0 e' l'int pub del fw
interfaces="ipsec0=eth0"
nat_traversal=yes
# default configuration
conn %default
authby=rsasig
conn sedeprinsedesecond
auto=start
pfs=yes
left=4.3.2.1
leftsubnet=192.168.1.0/24
leftnexthop=4.3.2.2
leftrsasigkey=blablabla
right=1.2.3.4
rightsubnet=10.0.0.0/24
rightnexthop=1.2.3.5
rightrsasigkey=cccaaa
000 "sedeprinsedesecond": 192.168.1.0/24===4.3.2.1:4500---4.3.2.2...1.2.3.5---1.2.3.4:4500===10.0.0.0/24; prospective erouted; eroute owner: #0
000 "sedeprinsedesecond": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "sedeprinsedesecond": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "sedeprinsedesecond": newest ISAKMP SA: #1; newest IPsec SA: #0;
000 "sedeprinsedesecond": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "sedeprinsedesecond": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "sedeprinsedesecond": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "sedeprinsedesecond": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "sedeprinsedesecond": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000
000 #20: "sedeprinsedesecond" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 2s
000 #1: "sedeprinsedesecond" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1850s; newest ISAKMP
000
..buy in this vpn type (site-to-site) I can to use what authentication method also "shared secret" ??
..where can be a problem ??
thanks.
Salvatore.
