2007 Feb 03
0
ipsec and x509 certificate
...wondering if someone
could help me figure it out. My racoon.conf (I have it mirrored on the
connecting machine):
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/certs";
remote anonymous
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;
hash_algorithm...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...ocal/etc/racoon/psk.txt";
path certificate "/usr/local/etc/racoon/certs";
listen {
isakmp 192.168.2.10;
strict_address;
}
remote 192.168.2.11 {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
my_identifier asn1dn;
peers_identifier asn1dn;
verify_identifier on;
certificate_type x509 "mad.public" "mad.private";
peers_certfile x509 "laptop.public";
send_cert on;
send_cr on;
verify_cert on;
lifetime time 300 sec;
passive off;...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...ec
esp/tunnel/192.168.1.2-192.168.1.1/require
ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
esp/tunnel/192.168.1.1-192.168.1.2/require
ah/tunnel/192.168.1.1-192.168.1.2/require;
Racoon.conf
# Phase 1 (IKE) settings for the peer at 192.168.1.1: main mode, authenticated
# with RSA signatures over X.509 certificates.
remote 192.168.1.1
{
exchange_mode main;
# asn1dn: the ID payload is the certificate's subject DN.
my_identifier asn1dn;
# peers_identifier only declares the expected peer ID. racoon compares it with
# the ID the peer actually sends only when verify_identifier is on; that
# directive is not set in this block and defaults to off.
peers_identifier asn1dn;
certificate_type x509 "Memphis.public" "Memphis.private";
# Use this local file as the peer's certificate instead of the CERT payload
# received during the exchange, which pins the peer to one known certificate.
peers_certfile "Zeus.public";
proposal{
# 3des and sha1 are legacy choices; prefer aes with a SHA-2 hash where the
# racoon build and the peer both support them.
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
# dh_group selects the Diffie-Hellman group for the phase 1 key exchange.
# modp1024 is the 1024-bit MODP group (group 2), which is no longer considered
# adequate; pick a larger group such as modp2048 when both ends offer it.
dh_group modp1024; #I don''t understand this option
}
}
sainfo anonymo...
2005 Dec 07
1
racoon with freebsd-4.11 crashes
...;
strict_check off;
exclusive_tail off;
}
# Bind the ISAKMP listener to one address and UDP port 500.
# NOTE(review): 192.168.190.43 is also the address the remote block below
# names as the peer, while my_identifier there is 192.168.190.44 - confirm
# which host this file belongs to.
listen {
isakmp 192.168.190.43 [500];
}
# Retransmission and negotiation time limits.
timer {
# Maximum number of retransmissions and the interval between them.
counter 5;
interval 20 sec;
# Number of packets per send.
persend 1;
# Maximum time allowed to complete each phase before the negotiation is dropped.
phase1 30 sec;
phase2 15 sec;
}
# Phase 1 (IKE) settings for the peer at 192.168.190.43: main mode with a
# pre-shared key, identities given as IP addresses.
remote 192.168.190.43 {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
my_identifier address 192.168.190.44;
# The expected peer ID. It is compared with the ID the peer sends only when
# verify_identifier is on; that directive is not set in this block (default
# off), so this line is not enforced as written.
peers_identifier address 192.168.190.43;
# A 24-hour ISAKMP SA is long for a key exchange protected by dh_group 1.
lifetime time 24 hour;
nonce_size 16;
initial_contact on;
# obey: as responder, accept the initiator's phase 2 lifetime, key length and
# PFS values as offered. strict rejects proposals weaker than the local
# policy.
proposal_check obey;
proposal {
# 3des/sha1 are legacy; prefer aes with a SHA-2 hash where both ends support it.
encryption_algorithm 3des;
hash_algorithm sha1;
# With a pre-shared key, the whole tunnel's authentication rests on the secrecy
# and length of that key.
authentication_method pre_shared_key;
# Group 1 is the 768-bit MODP group and should be treated as broken; use the
# largest group both peers support (modp2048 or above).
dh_group 1;
}
}
sainfo address 192.168.190.44 any address
192.168.190.43 any
{
pf...
2004 Nov 24
0
(no subject)
...o complete each phase.
phase1 30 sec;
phase2 15 sec;
}
remote anonymous
{
exchange_mode aggressive;
doi ipsec_doi;
generate_policy on;
passive on;
lifetime time 24 hour;
#my_identifier user_fqdn "REMOVED";
peers_identifier user_fqdn "REMOVED";
verify_identifier on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;...
2004 Nov 24
1
A haunting problem
...o complete each phase.
phase1 30 sec;
phase2 15 sec;
}
remote anonymous
{
exchange_mode aggressive;
doi ipsec_doi;
generate_policy on;
passive on;
lifetime time 24 hour;
#my_identifier user_fqdn "REMOVED";
peers_identifier user_fqdn "REMOVED";
verify_identifier on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;...
2005 May 12
1
Has anybody managed to get native IPSec working?
..._type line might get wrapped around by my mail client, but it
is a single line in the configuration file). This is stored in
/etc/racoon/192.168.1.100.conf, which is included from racoon.conf.
remote 192.168.1.100
{
exchange_mode aggressive, main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "/etc/racoon/certs/host-a.public"
"/etc/racoon/certs/host-a.private";
peers_certfile "/etc/racoon/certs/host-b.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sh...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...icate "/etc/racoon/certs";
>
> listen
> {
> isakmp 5.6.7.8;
> }
>
> remote 1.2.3.4
> {
> exchange_mode main;
> certificate_type x509 "sandy.pem" "sandy_key.pem";
> verify_cert on;
> my_identifier asn1dn ;
> peers_identifier asn1dn ;
> verify_identifier on ;
> lifetime time 24 hour ;
> proposal {
> encryption_algorithm blowfish;
> hash_algorithm sha1;
> authentication_method rsasig ;
> dh_group 2 ;
> }
> }
>
> sainfo address 192.168.3.0/...
2007 Nov 15
2
IPSEC help
...sr/local/openssl/certs" ;
# "log" specifies logging level. It is followed by either "notify",
"debug"
# or "debug2".
log debug;
remote anonymous
{
exchange_mode main,aggressive,base;
#exchange_mode main,base;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "bsd.public" "bsd.priv" ;
lifetime time 24 hour ; # sec,min,hour
#initial_contact off ;
#passive on ;
# phase 1 proposal (for ISAKMP SA)
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;...
2004 Jul 26
1
Cisco IOS and racoon
...# the number of packets per a send.
# timer for waiting to complete each phase.
phase1 30 sec;
phase2 15 sec;
}
# Phase 1 (IKE) settings applied to any peer that has no remote block of its
# own, so these values are the policy for unknown peers as well.
remote anonymous
{
#exchange_mode main,aggressive;
# The first mode listed is used when initiating; every listed mode is
# accepted when responding. Aggressive mode combined with a pre-shared key
# sends an authentication hash derived from the key before the initiator is
# authenticated, which exposes the key to offline guessing. Drop aggressive
# from the list where the peer can do main mode; otherwise use a long random
# key.
exchange_mode main,base,aggressive;
doi ipsec_doi;
#situation identity_only;
my_identifier user_fqdn "bbedevil";
# The expected peer ID. It is checked against the ID the peer sends only when
# verify_identifier is on; that directive is not set in this block (default
# off), so any peer holding the key is accepted whatever ID it presents.
peers_identifier user_fqdn "bbeameliarouter";
nonce_size 16;
lifetime time 10000 sec;
initial_contact on;
support_mip6 on;
# obey: as responder, accept the initiator's phase 2 lifetime, key length and
# PFS values as offered.
proposal_check obey;
proposal {
# 3des with md5 is a legacy pairing; prefer aes and sha1 or better when the
# Cisco side can be configured to match.
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
# Group 2 is the 1024-bit MODP group; move to a larger group when both ends
# support it.
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group...