Racoon vs. WinVista

Jan Marek jmarek na jcu.cz
Středa Červen 11 11:08:10 CEST 2008 

Dobry den,

zapolim s pripojenim WinVista na racoon (a xl2tp)... Zatim jsem
nepresel pres racoon.

Co mi pise:

racoon: INFO: respond new phase 1 negotiation: 193.179.40.166[500]<=>160.217.1.20[500]
racoon: INFO: begin Identity Protection mode.
racoon: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
racoon: INFO: received Vendor ID: RFC 3947
racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
racoon: INFO: received Vendor ID: FRAGMENTATION
racoon: INFO: Selected NAT-T version: RFC 3947
racoon: ERROR: invalid DH group 20.
racoon: ERROR: invalid DH group 19.
racoon: ERROR: phase1 negotiation failed due to time up.

racoon.conf (s vyhozenyma adresama):

path certificate "/etc/ssl";

remote anonymous {
        exchange_mode aggressive, main;
        passive on;
        certificate_type x509 "server.pem" "server.key";
        my_identifier asn1dn;
        peers_identifier asn1dn;
        proposal_check obey;
        generate_policy on;
        nat_traversal on;
        verify_cert on;
        dpd_delay 20;
        ike_frag on;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}

sainfo anonymous {
#       pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm aes, 3des, des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

V podstate tusim, ze je problem v dh_group, ale kdyz jsem zkousel
nastavit v racoon.conf dh_group 19 nebo 20, tak jsem narazil a ve
Vistach nevim, jak by bylo mozne nastavit, ze chci napr. dh_group
2. Na internet-u vyhledane navody (ktere udajne chodi), jsou
prakticky totozne s tim, co mam v konfiguraku (obcas se objevi
jine sifry apod, ale podle meho zjisteni si na tyto parametry
stezuje racoon nejmene).

Mate, prosim, nekdo nejaky napad, jak to posunout dale?

Dekuje a zdravi
Honza Marek
-- 
Ing. Jan Marek               | Nez mi poslete prilohu .doc, .xls 
University of South Bohemia  | nebo .ppt, prectete si, prosim,
Academic Computer Centre     | WWW stranku uvedenou na poslednim
Phone: +420-38-9032080       | radku signatury...
http://www.gnu.org/philosophy/no-word-attachments.cs.html

Další informace o konferenci Linux