search for: pre_shared_key

Displaying 16 results from an estimated 16 matches for "pre_shared_key".

2003 Aug 07
1
IPSec delays
...for the tunnel to come back up. If I stop and restart racoon, it takes only 60 seconds. I'd prefer to cut this time down on both to 30 seconds or less. Below is my racoon.conf. I've watched the racoon logs, and it doesn't give me any errors, or failed negotiations. Any ideas? path pre_shared_key "/usr/local/etc/racoon/psk.txt"; remote anonymous { exchange_mode aggressive; doi ipsec_doi; situation identity_only; \ nonce_size 256; lifetime time 30 min; # sec,min,hour initial_contact on; support_mip6 off; proposal...
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
....1.42/require ah/tunnel/192.168.1.250-192.168.1.42/require; spdadd 10.1.1.0/24 10.10.42.0/24 any -P out ipsec esp/tunnel/192.168.1.42-192.168.1.250/require ah/tunnel/192.168.1.42-192.168.1.250/require; racoon.conf on phaedrus: path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; remote 192.168.1.250 { exchange_mode aggressive,main; doi ipsec_doi; situation identity_only; my_identifier address; lifetime time 2 min; # sec,min,hour initia...
2005 Dec 07
1
racoon with freebsd-4.11 crashes
...if I am doing something wrong. The config file is given below. I have compiled the kernel with IPSEC, IPSEC_ESP options. I am using a preshared key file. My configuration file is given below: #!/usr/local/bin/racoon # CONFIGURATION FILE FOR 192.168.190.44 path include "/root"; path pre_shared_key "/root/psk.txt"; log debug2; padding { maximum_length 20; randomize off; strict_check off; exclusive_tail off; } listen { isakmp 192.168.190.43 [500]; } timer { counter 5; interval 20 sec; persend 1; phase1 30 sec; phase2 15 sec; } remote 192.168.190.43 { exchange_mode main...
2004 Nov 15
1
IPSec tunnel
...68.10.0/24 192.168.20.0/24 any -P out ipsec esp/tunnel/192.168.0.67-192.168.0.254/require; spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/192.168.0.254-192.168.0.67/require; -------- #/etc/raccon/raccon.conf # path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; remote 192.168.0.254 { exchange_mode main; lifetime time 8 hour; # sec,min,hour proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key;...
2004 Nov 24
0
(no subject)
...erfectly example: telnet 203.96.213.73 80 example: telnet 202.37.230.93 80 and the request is answered using the correct interface. On the same router I have configured racoon (kernel 2.6 obviously) rama-kandra root # cat /etc/racoon/racoon.conf path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/cert"; padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off;...
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
...rver running racoon[2]. If anyone can assist with this, I would really appreciate it. I've been scratching my head for a day trying to figure out what's going on.. Thanks! -J !<-------- [1] Racoon Configuration below ---------> path include "/usr/local/etc/racoon" ; path pre_shared_key "/usr/local/etc/racoon/psk.txt" ; # "log" specifies logging level. It is followed by either "notify", "debug" # or "debug2". #log debug; # "padding" defines some parameter of padding. You should not touch these. padding { maxim...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
....10 responds with three packets on each ping. Why is it so? What should I do to get proper ipsec configuration here? I can add that same results are with other protocols as well. Below is my configuration: on host 192.168.2.10: raccon.conf path include "/usr/local/etc/racoon"; path pre_shared_key "/usr/local/etc/racoon/psk.txt"; path certificate "/usr/local/etc/racoon/certs"; listen { isakmp 192.168.2.10; strict_address; } remote 192.168.2.11 { exchange_mode main; doi ipsec_doi; situation identity_only; my_identifier asn...
2004 Nov 24
1
A haunting problem
...erfectly example: telnet 203.96.213.73 80 example: telnet 202.37.230.93 80 and the request is answered using the correct interface. On the same router I have configured racoon (kernel 2.6 obviously) rama-kandra root # cat /etc/racoon/racoon.conf path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/cert"; padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off;...
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi, When an IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with
2006 May 06
1
IPsec with racoon2
...t 500; kmp_enc_alg { aes256_cbc; aes192_cbc; 3des_cbc; }; kmp_prf_alg { hmac_md5; hmac_sha1; aes128_cbc; }; kmp_hash_alg { hmac_md5; hmac_sha1; aes_xcbc; }; kmp_dh_group { 5; }; kmp_auth_method { psk; }; pre_shared_key "${PSKDIR}/secret.psk"; }; selector_index 42; }; selector 41 { direction outbound; src 172.20.36.55; dst 172.20.36.52; upper_layer_protocol "tcp"; policy_index TUNNEL; }; selector 42 { direction inbound; dst...
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
...CentOS5) and server uses version 0.7 >> (downloaded from >>> ipsec-tools website). >>> >>> My server configuration is: >>> >>> path include "/etc/racoon"; >>> path certificate "/etc/racoon/certs"; >>> path pre_shared_key "/etc/racoon/psk.txt"; >>> path pidfile "/var/run/racoon.pid"; >>> #log debug; >>> >>> listen { >>> adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660; >>> isakmp 172.28.4...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
...a roadwarrior client, CentOS5 too. Roadwarrior use ipsec-tools version 0.6.5-8 (that comes with CentOS5) and server uses version 0.7 (downloaded from ipsec-tools website). My server configuration is: path include "/etc/racoon"; path certificate "/etc/racoon/certs"; path pre_shared_key "/etc/racoon/psk.txt"; path pidfile "/var/run/racoon.pid"; #log debug; listen { adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660; isakmp 172.28.45.4 [500]; isakmp_natt 172.28.45.4 [4500]; } remote anonymous {...
2007 Feb 03
0
ipsec and x509 certificate
Hi, I'm trying to get ipsec working with x509 certificates, however I just can't seem to. I've hit a road block and was wondering if someone could help me figure it out. My racoon.conf (I have it mirrored on the connecting machine). path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/certs"; remote anonymous { exchange_mode aggressive,main; my_identifier asn1dn; peers_identifier asn1dn; lifetime time 2 min; # sec,min,hour initial_contact on; proposal_check obey; # obey, s...
2007 Mar 22
0
Racoon ERROR: Invalid CR type 0
...send_cr off; send_cert off; lifetime time 2 min; # sec,min,hour initial_contact on; proposal_check obey; # obey, strict or claim proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } ERROR MESSAGE ################ 2007-03-22 14:53:53: INFO: begin Identity Protection mode. 2007-03-22 14:53:53: INFO: received Vendor ID: DPD 2007-03-22 14:53:53: ERROR: Invalid CR type 0 Rowan Reid, Job Captain STUDIO 3 ARCHITECTS Upland New...
2005 May 12
1
Has anybody managed to get native IPSec working?
...e racoon.conf file looks like this (I made no changes to it, as installed by ipsec-tools, include statement added by ifup-ipsec script): # Racoon IKE daemon configuration file. # See 'man racoon.conf' for a description of the format and entries. path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; sainfo anonymous { pfs_group 2; lifetime time 1 hour ; encryption_algorithm 3des, blowfish 448, rijndael ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algori...
2004 Jul 26
1
Cisco IOS and racoon
...oon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $ # "path" must be placed before it should be used. # You can overwrite which you defined, but it should not use due to confusing. path include "/usr/local/etc/racoon" ; #include "remote.conf" ; # search this file for pre_shared_key with various ID key. path pre_shared_key "/usr/local/etc/racoon/psk.txt" ; # racoon will look for certificate file in the directory, # if the certificate/certificate request payload is received. path certificate "/usr/local/etc/cert" ; # "log" specifies logging level...