| 1 |
Thanks Graham, |
| 2 |
|
| 3 |
On Saturday 16 May 2009, Graham Murray wrote: |
| 4 |
|
| 5 |
> Here are some samples. |
| 6 |
> |
| 7 |
> /etc/racoon/racoon.conf |
| 8 |
|
| 9 |
> /etc/racoon/psk.txt |
| 10 |
|
| 11 |
> /etc/ipsec.conf |
| 12 |
|
| 13 |
Do I need a /etc/setkey.conf file? How do I create it? |
| 14 |
|
| 15 |
When I run '/etc/init.d/racoon start' this is what I get: |
| 16 |
=========================================== |
| 17 |
# /etc/init.d/racoon --verbose restart |
| 18 |
* Loading ipsec policies from /etc/ipsec.conf. |
| 19 |
* Starting racoon ... |
| 20 |
/usr/sbin/racoon: invalid option -- '4' |
| 21 |
usage: racoon [-BdFv] [-a (port)] [-f (file)] [-l (file)] [-p (port)] |
| 22 |
-B: install SA to the kernel from the file specified by the configuration |
| 23 |
file. |
| 24 |
-d: debug level, more -d will generate more debug message. |
| 25 |
-C: dump parsed config file. |
| 26 |
-L: include location in debug messages |
| 27 |
-F: run in foreground, do not become daemon. |
| 28 |
-v: be more verbose |
| 29 |
-a: port number for admin port. |
| 30 |
-f: pathname for configuration file. |
| 31 |
-l: pathname for log file. |
| 32 |
-p: port number for isakmp (default: 500). |
| 33 |
-P: port number for NAT-T (default: 4500). [ !! ] |
| 34 |
=========================================== |
| 35 |
|
| 36 |
I am not sure I do this right. The remote router's LAN is 10.10.10.0/24. |
| 37 |
This is the same like my local LAN's subnet. My local LAN ip is 10.10.10.5. |
| 38 |
|
| 39 |
The remote router is giving (or is it expecting?) addresses for clients in the |
| 40 |
172.16.1.0/24 subnet. How should I configure the /etc/ipsec.conf file? |
| 41 |
-- |
| 42 |
Regards, |
| 43 |
Mick |
Archives