Gentoo Forums
IPSec, racoon, nat-traversal - problem with connecting
tuvokhome
n00b


Joined: 04 Oct 2004
Posts: 17
Location: /pub

Posted: Tue Mar 21, 2006 5:38 pm    Post subject: IPSec, racoon, nat-traversal - problem with connecting

Here's the situation:

The server I want to connect to through IPSec has local address /server_local/ and static global address /server_global/. The client machine is behind a NAT. Its local address is /client_local/, and its global address (the address of the gateway) is /gw_ip/.

I get "connect: Resource temporarily unavailable" when I try to ping.
No packets are ever sent by the client, so there has to be something wrong with my configuration; probably I don't understand some important part here.

When pinging, logs show:

Mar 21 18:12:01 [racoon] DEBUG: get pfkey ACQUIRE message
Mar 21 18:12:01 [racoon] DEBUG: ignore because do not listen on source address : /gw_ip/ .

I don't get the point. I'm using the nat traversal just to avoid the listening part, so what's up?


The setup of the client looks like this:

/etc/ipsec.conf:
Code:

spdadd /server_local//32 /client_local//32 any -P in ipsec
        esp/tunnel//server_global/-/gw_ip//require;
spdadd /client_local//32 /server_local//32 any -P out ipsec
        esp/tunnel//gw_ip/-/server_global//require;


/etc/racoon/racoon.conf:
Code:

remote /server_global/
{
  exchange_mode main;
  nat_traversal force;

  proposal
  {
    authentication_method pre_shared_key;
    encryption_algorithm 3des;
    hash_algorithm md5;
    dh_group modp1024;
  }
}

sainfo address /server_local//32 any address /client_local//32 any
{
  pfs_group modp768;
  encryption_algorithm 3des;
  authentication_algorithm hmac_md5;
  compression_algorithm deflate;
}


I'm not at all sure of the configuration. This is what I managed to deduce from the docs.
I don't include the server config here, as it doesn't matter - no packet is ever sent to the server.

What am I missing here? Does anyone know?

Thanks in advance.
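As an added diagnostic (not from the post or the ipsec-tools project): racoon's "ignore because do not listen on source address" message means the policy's local tunnel endpoint is not an address racoon is bound to on that host. The script below, with constructed sample addresses standing in for the post's placeholders, parses setkey spdadd lines and reports every tunnel-mode policy whose local endpoint is not configured on the host.

```python
import re

# Constructed sample values standing in for the post's placeholders (hypothetical):
# client_local = 192.168.1.10, gw_ip = 198.51.100.1 (the NAT gateway),
# server_local = 10.0.0.5, server_global = 203.0.113.5.
# Only client_local (and loopback) is actually configured on the client host.
LOCAL_ADDRS = {"192.168.1.10", "127.0.0.1"}

# The client's SPD as posted, with the placeholders replaced by the constructed values.
SPD = """
spdadd 10.0.0.5/32 192.168.1.10/32 any -P in ipsec
        esp/tunnel/203.0.113.5-198.51.100.1/require;
spdadd 192.168.1.10/32 10.0.0.5/32 any -P out ipsec
        esp/tunnel/198.51.100.1-203.0.113.5/require;
"""

# One spdadd tunnel-mode policy: selector src/dst/proto, direction, tunnel endpoints, level.
SPDADD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([0-9a-fA-F.:]+)-([0-9a-fA-F.:]+)/(\w+)\s*;"
)

def parse_spd(text):
    """Return one dict per spdadd tunnel-mode policy found in text."""
    policies = []
    for m in SPDADD_RE.finditer(text):
        src, dst, proto, direction, tsrc, tdst, level = m.groups()
        policies.append({"src": src, "dst": dst, "proto": proto, "dir": direction,
                         "tunnel_src": tsrc, "tunnel_dst": tdst, "level": level})
    return policies

def local_endpoint(policy):
    """The tunnel endpoint this host must own: the tunnel source for outbound
    policies and the tunnel destination for inbound ones."""
    return policy["tunnel_src"] if policy["dir"] == "out" else policy["tunnel_dst"]

def check_endpoints(text, local_addrs):
    """Return (policy, endpoint) pairs whose local tunnel endpoint is not an
    address configured on this host; racoon cannot negotiate for those."""
    bad = []
    for p in parse_spd(text):
        ep = local_endpoint(p)
        if ep not in local_addrs:
            bad.append((p, ep))
    return bad

if __name__ == "__main__":
    for p, ep in check_endpoints(SPD, LOCAL_ADDRS):
        print(f"{p['dir']} policy {p['src']} -> {p['dst']}: "
              f"local tunnel endpoint {ep} is not configured on this host")
```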