Date: Tue, 22 Jun 2010 17:11:58 +0200 From: <ralf@dzie-ciuch.pl> To: VANHULLEBUS Yvan <vanhu@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: vpn trouble Message-ID: <c5781e9db1e6339b5b23c0c403c68d9a@ewipo.pl> In-Reply-To: <20100622143543.GA72020@zeninc.net> References: <87260c422232fa7409a4b374341dd106@ewipo.pl> <20100622143543.GA72020@zeninc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Thanks for help I new on it and I never use VPN, only I have to do it. Please tell me how to check peer's log? I dont know how to check it? Have I change my racoon.conf exchange to aggressive, main? I forgot send last time - on the other side is cisco router, maybe this is important Regards Ralf On Tue, 22 Jun 2010 16:35:43 +0200, VANHULLEBUS Yvan <vanhu@FreeBSD.org> wrote: > On Tue, Jun 22, 2010 at 03:59:50PM +0200, ralf@dzie-ciuch.pl wrote: >> >> Hi, > > Hi. > > >> I try to configure VPN over my server and my client > [....] > > According to your racoon's debug (and confirmed by tcpdump), racoon > tries to initiate a phase1 negociation, but never gets any answer from > peer, so you may start by checking peer's logs, and/or compare both > configurations. > > [....] >> exchange_mode main, aggressive; # For Firewall-1 Aggressive mode > > If that comment in your racoon.conf is right, this is probably your > (first ?) configuration issue: as initiator, racoon will use the first > listed mode, so it will try a main mode negociation here. > > Note that, if you have complete access to configurations, aggressive > mode has a lower security level than main mode, so should be avoided > when main mode can also be used ! > > > Yvan. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c5781e9db1e6339b5b23c0c403c68d9a>