Date: Tue, 14 Nov 2000 09:13:35 -0500
From: "Cambria, Mike" <mcambria@avaya.com>
To: 'Jason DiCioccio' <Jason.DiCioccio@Epylon.com>, 'Sam Wun' <swun@eSec.com.au>
Cc: security@FreeBSD.ORG
Subject: RE: racoon -> isakmpd
Message-ID: <443F9E4C6D67D4118C9800A0C9DD99D710815D@rerun.lucentctc.com>
This isn't an answer to your specific question, but I've been able to get
racoon on FreeBSD 4.2-Beta working with a few other IPSec products I've been
evaluating. The racoon log file can point you into the right area of the
config file which needs to change. The log file of the other end can't hurt
either.
Make sure that you are using the latest racoon port (racoon-20001017b). The
syntax has changed, and the man page for racoon.conf has been updated (but the
date of the man page is the same <g>). All the core dumps I had also went away.
A few things I remember:
I use anonymous for both remote and sainfo. I haven't tried being specific
yet.
In your remote directive, make sure your dh_group matches that of your
partner. The log file will tell you what the other end is using and if
these match.
In your sainfo, comment out the pfs_group (or make sure it matches; again
from the log file). Also, I had trouble with the sainfo lifetime byte and
lifetime time values. The log complained that the other end sent values
which were not even close to what racoon was using. Make them match.
Good luck,
MikeC
Michael C. Cambria Avaya Inc.
Former Enterprise Networks Group of
Lucent Technologies
Voice: (978) 287 - 2807 300 Baker Avenue
Fax: (978) 287 - 2810 Concord, Massachusetts 01742
Internet: mcambria@avaya.com <mailto:mcambria@avaya.com>
-----Original Message-----
From: Jason DiCioccio [mailto:Jason.DiCioccio@Epylon.com]
Sent: Monday, November 13, 2000 9:24 PM
To: 'Sam Wun'
Cc: security@FreeBSD.ORG
Subject: RE: racoon -> isakmpd
I would be interested in this too if anyone knows
-------
Jason DiCioccio
Unix BOFH
mailto:jasond@epylon.com
415-593-2761 Direct & Fax
415-593-2900 Main
Epylon Corporation
645 Harrison Street, Suite 200
San Francisco, CA 94107
www.epylon.com
OK, so you're a Ph.D. Just don't touch anything.
-----Original Message-----
From: Sam Wun [mailto:swun@eSec.com.au]
Sent: Monday, November 13, 2000 6:36 PM
Cc: security@FreeBSD.ORG
Subject: racoon -> isakmpd
Hi!
Does anyone have a FreeBSD box with racoon working together with an
OpenBSD box with isakmpd as a VPN?
Our head office uses OpenBSD on their firewall and uses isakmpd for VPN.
I want to use FreeBSD with racoon, but with no success.
Any working configs out there?
Thanks
Sam.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
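Added example, not part of the thread: a small Python check for the advice in Mike Cambria's reply that dh_group, pfs_group and the sainfo lifetime values must match the peer. The racoon.conf fragment and the peer values are constructed, and the directives other than those named in the post follow racoon.conf(5) as an assumption.

```python
import re

# Constructed sample in racoon.conf(5) style; values are illustrative only.
SAMPLE_CONF = """
remote anonymous {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous {
    # pfs_group 2;
    lifetime time 1 hour;
    lifetime byte 50 MB;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
}
"""
# Hypothetical peer values, copied by hand from the other end's log or config.
PEER = {"remote.dh_group": "1", "sainfo.pfs_group": None,
        "sainfo.lifetime time": "1 hour", "sainfo.lifetime byte": "50 MB"}
WATCHED = ("dh_group", "pfs_group", "lifetime time", "lifetime byte")

def parse(conf):
    """Return {"section.directive": value} for the watched directives."""
    found, stack, pending = {}, [], ""
    for tok in re.split(r"([{};])", re.sub(r"#.*", "", conf)):
        if tok == "{":      # block opens: remember its keyword
            stack.append((pending.split() or ["?"])[0])
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";":    # statement ends: record it if watched
            stmt = " ".join(pending.split())
            for name in WATCHED:
                if stack and stmt.startswith(name + " "):
                    found[f"{stack[0]}.{name}"] = stmt[len(name) + 1:]
        else:
            pending = tok
    return found

def mismatches(local, peer):
    """(key, local, peer) where the ends differ; plain string comparison."""
    return [(k, local.get(k), peer.get(k)) for k in sorted(set(local) | set(peer))
            if local.get(k) != peer.get(k)]

if __name__ == "__main__":
    print(mismatches(parse(SAMPLE_CONF), PEER))
```

A commented-out pfs_group is treated as unset, so it only agrees with a peer that is also not using PFS.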
