(racoon 953) Re: IKE2 IPSEC Tunnel Mode using Racoon2
Hi,
At Thu, 27 Jul 2006 15:55:18 -0400,
"Glenn Bronson" <gbronson@airvana.com> wrote:
>
> Has anyone successfully run the KAME for racoon2 IKE2 in tunnel mode?
> All the samples are racoon2.conf transport mode, and I have to admit
> that I'm baffled when converting it to tunnel mode.
>
> policy {
> ipsec_mode tunnel;
> ipsec_level unique; # Not Yet Implemented, always 'require'
> };
>
> selector 32 {
> direction inbound;
> dst 172.112.1.1;
> src 172.134.1.1;
You can write "dst 172.112.1.1/24" and so on.
> upper_layer_protocol "any";
> policy_index tunnel1;
> };
It seems that you trimmed your config file so I'm not sure,
but do you have (another) corresponding selector for "direction
outbound"?
>
> policy tunnel1 {
> action auto_ipsec;
> remote_index tunnel1;
> ipsec_mode tunnel;
> ipsec_index { ipsec_esp; };
> ipsec_level unique;
ipsec_level should be "require" for now.
I'm afraid that "unique" doesn't (yet) work here.
> peers_sa_ipaddr 10.110.112.1;
> my_sa_ipaddr 10.110.134.1;
> };
p.s. All active developers of racoon2 are now on
racoon2-users@racoon2.wide.ad.jp, so it is better to ask there.
And could you post the whole config file and iked's log next time?
Thank you for trying racoon2,
--
KAMADA Ken'ichi <kamada@nanohz.org>
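
A check for the two points raised in the reply above (a selector for each direction per policy, and `ipsec_level require` instead of `unique`), as an added example that is not part of the original message or of racoon2. The parser covers only the directives shown in the quoted config, the function names are hypothetical, and the sample config is constructed from the quoted fragment.

```python
import re

# Constructed sample, reduced from the config quoted in the thread.
SAMPLE = """
selector 32 {
    direction inbound;
    dst 172.112.1.1;
    src 172.134.1.1;
    upper_layer_protocol "any";
    policy_index tunnel1;
};
policy tunnel1 {
    action auto_ipsec;
    remote_index tunnel1;
    ipsec_mode tunnel;
    ipsec_index { ipsec_esp; };
    ipsec_level unique;   # flagged by lint()
};
"""

def parse_blocks(text):
    """Return (kind, name, directives) for each selector/policy block."""
    text = re.sub(r"#.*", "", text)                      # strip comments
    blocks = []
    for m in re.finditer(r"\b(selector|policy)\s+(\S+)\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:                   # find matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = re.sub(r"\{[^{}]*\}", "", text[m.end():i - 1])  # drop nested lists
        fields = dict(re.findall(r"(\w+)\s+([^;{}]+?)\s*;", body))
        blocks.append((m.group(1), m.group(2), fields))
    return blocks

def lint(text):
    """Report policies lacking a selector per direction or using 'unique'."""
    blocks = parse_blocks(text)
    seen = {}                                            # policy name -> directions
    for kind, _, f in blocks:
        if kind == "selector":
            seen.setdefault(f.get("policy_index"), set()).add(f.get("direction"))
    findings = []
    for kind, name, f in blocks:
        if kind != "policy":
            continue
        for d in sorted({"inbound", "outbound"} - seen.get(name, set())):
            findings.append(f"policy {name}: no selector with direction {d}")
        if f.get("ipsec_level") == "unique":
            findings.append(f"policy {name}: ipsec_level unique, use require")
    return findings
```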