Thanks Graham,

On Saturday 16 May 2009, Graham Murray wrote:

> Here are some samples.
>
> /etc/racoon/racoon.conf

> /etc/racoon/psk.txt

> /etc/ipsec.conf

Do I need a /etc/setkey.conf file? How do I create it?

When I run '/etc/init.d/racoon start' this is what I get:
===========================================
# /etc/init.d/racoon --verbose restart
* Loading ipsec policies from /etc/ipsec.conf.
* Starting racoon ...
/usr/sbin/racoon: invalid option -- '4'
usage: racoon [-BdFv] [-a (port)] [-f (file)] [-l (file)] [-p (port)]
-B: install SA to the kernel from the file specified by the configuration
file.
-d: debug level, more -d will generate more debug message.
-C: dump parsed config file.
-L: include location in debug messages
-F: run in foreground, do not become daemon.
-v: be more verbose
-a: port number for admin port.
-f: pathname for configuration file.
-l: pathname for log file.
-p: port number for isakmp (default: 500).
-P: port number for NAT-T (default: 4500). [ !! ]
===========================================

I am not sure I am doing this right. The remote router's LAN is 10.10.10.0/24.
This is the same as my local LAN's subnet. My local LAN IP is 10.10.10.5.

The remote router is giving (or is it expecting?) addresses for clients in the
172.16.1.0/24 subnet. How should I configure the /etc/ipsec.conf file?
--
Regards,
Mick