Racoon vs. WinVista
Milan BERKA
ber at eunet.cz
Thu Jun 12 06:20:38 CEST 2008
Hello,
not that I know what the problem is, but it fails on a timeout. DH group, see
below (maybe)
MB
Jan Marek wrote:
> Hello,
>
> I am struggling with connecting WinVista to racoon (and xl2tp)... So far I
> have not got past racoon.
>
> What it tells me:
>
> racoon: INFO: respond new phase 1 negotiation: 193.179.40.166[500]<=>160.217.1.20[500]
> racoon: INFO: begin Identity Protection mode.
> racoon: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
> racoon: INFO: received Vendor ID: RFC 3947
> racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
> racoon: INFO: received Vendor ID: FRAGMENTATION
> racoon: INFO: Selected NAT-T version: RFC 3947
> racoon: ERROR: invalid DH group 20.
> racoon: ERROR: invalid DH group 19.
> racoon: ERROR: phase1 negotiation failed due to time up.
>
> racoon.conf (with the addresses removed):
>
> path certificate "/etc/ssl";
>
> remote anonymous {
> exchange_mode aggressive, main;
> passive on;
> certificate_type x509 "server.pem" "server.key";
> my_identifier asn1dn;
> peers_identifier asn1dn;
> proposal_check obey;
> generate_policy on;
> nat_traversal on;
> verify_cert on;
> dpd_delay 20;
> ike_frag on;
> proposal {
> encryption_algorithm 3des;
> hash_algorithm sha1;
> authentication_method rsasig;
> dh_group 2;
And what about here?
> }
> }
>
> sainfo anonymous {
> # pfs_group 2;
> lifetime time 1 hour;
> encryption_algorithm aes, 3des, des;
> authentication_algorithm hmac_sha1;
> compression_algorithm deflate;
> }
>
> Basically I suspect that the problem is in dh_group, but when I tried to
> set dh_group 19 or 20 in racoon.conf, I hit a wall, and in
> Vista I do not know how it would be possible to set that I want e.g. dh_group
> 2. The how-tos found on the Internet (which supposedly work) are
> practically identical to what I have in my config file (occasionally
> different ciphers etc. appear, but according to my findings racoon
> complains about these parameters the least).
>
> Does anyone, please, have any idea how to move this forward?
>
> Thanks and regards
> Honza Marek
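
A log triage sketch for the failure quoted above, added here as an example and not part of the original messages: it pairs racoon's `invalid DH group` errors with the `dh_group` values active in racoon.conf. racoon's `dh_group` directive accepts only the MODP groups (1, 2, 5, 14 to 18), while IANA numbers 19 and 20 are elliptic-curve (ECP) groups. The function names, group labels for ECP, and sample input are constructed for illustration.

```python
import re

# IANA IKE group numbers. racoon's dh_group directive takes only the MODP ones.
MODP = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048",
        15: "modp3072", 16: "modp4096", 17: "modp6144", 18: "modp8192"}
ECP = {19: "256-bit ECP", 20: "384-bit ECP", 21: "521-bit ECP"}
NAME_TO_NUM = {name: num for num, name in MODP.items()}

START = re.compile(r"respond new phase 1 negotiation: (\S+)\[\d+\]<=>(\S+)\[\d+\]")
BAD_DH = re.compile(r"ERROR: invalid DH group (\d+)")
TIMEOUT = "phase1 negotiation failed due to time up"

def configured_groups(conf):
    """Groups set by active dh_group lines; '#' comments and '>' quoting are ignored."""
    groups = set()
    for line in conf.splitlines():
        m = re.match(r"dh_group\s+(\w+)\s*;", line.lstrip("> \t").split("#", 1)[0])
        if m:
            num = int(m.group(1)) if m.group(1).isdigit() else NAME_TO_NUM.get(m.group(1))
            if num is not None:
                groups.add(num)
    return groups

def triage(log, conf):
    """Return one finding per phase 1 negotiation that ended in a timeout."""
    allowed, findings, cur = sorted(configured_groups(conf)), [], None
    for line in log.splitlines():
        if m := START.search(line):
            cur = {"endpoints": m.groups(), "rejected": []}
        elif cur and (m := BAD_DH.search(line)):
            cur["rejected"].append(int(m.group(1)))
        elif cur and TIMEOUT in line:
            cur["configured"] = allowed
            cur["unsupported_ecp"] = [ECP[g] for g in cur["rejected"] if g in ECP]
            findings.append(cur)
            cur = None
    return findings

# Constructed sample input, modelled on the log and racoon.conf quoted in the message.
SAMPLE_LOG = """\
racoon: INFO: respond new phase 1 negotiation: 192.0.2.1[500]<=>198.51.100.2[500]
racoon: ERROR: invalid DH group 20.
racoon: ERROR: invalid DH group 19.
racoon: ERROR: phase1 negotiation failed due to time up.
"""
SAMPLE_CONF = "proposal {\n dh_group 2;\n}\nsainfo anonymous {\n # pfs_group 2;\n}\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_CONF):
        print(finding)
```

A finding whose `rejected` list holds only ECP numbers while `configured` holds a MODP group shows that the errors come from proposals racoon cannot parse, not from the configured group itself.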