настройки DFL-600 v 3.00
Tunnel Name: t1
Peer Tunnel Type: Static IP address
Termination IP: XXX.XXX.XXX.XXX
DomainName:
Peer ID Type: Address(IPV4_Addr)
Peer ID:
Shared Key: XXXXXX
IKE MOde: Main
Encapsulation: Tunnel
NAT traversal: Normal
IPSec Operation: ESP

P1 Proposals: P1Param NOT_SET
NOT_SET NOT_SET

P2 Proposals: P2Param NOT_SET
NOT_SET NOT_SET

Target Host Range
Starting Taget Host: 192.168.0.1
Subnet Mask: 255.255.255.0

------------------------------------
Phase 1 Proposal
Name: P1Param
DH Group: Group 2
IKE Life Duration: 28800
IKE Encryption: 3DES
IKE Hash: MD5

Phase 2 Proposal
Name: P2Param
PFS MOde: Group 2
Encapsulation: ESP
IPSec Life Duration: 28800
Encryption: 3DES
Auth. : HMAC-MD5

настройки OpenSWAN

config setup
interfaces="ipsec1=eth2" # new default is %defaultroute
plutodebug=all
klipsdebug=all
nat_traversal=yes
pluto=yes

conn Test
type=tunnel
left=192.168.2.2
leftnexthop=10.0.0.1
#leftsubnet=192.168.1.0/24
right=192.168.2.1
rightnexthop=10.0.0.2
#rightsubnet=192.168.0.0/24
keyexchange=ike
ikelifetime=1h
auth=esp
pfs=yes
authby=secret
auto=start

include /etc/ipsec.d/examples/no_oe.conf

после запуска ipsec сваливается при проверки секрета
Mar 25 10:41:04 route1 pluto[3132]: | started looking for secret for 192.168.2.2->192.168.2.1 of kind PPK_PSK
Mar 25 10:41:04 route1 pluto[3132]: | actually looking for secret for 192.168.2.2->192.168.2.1 of kind PPK_PSK
Mar 25 10:41:04 route1 pluto[3132]: | 1: compared PSK 192.168.2.1 to 192.168.2.2 / 192.168.2.1 -> 2
Mar 25 10:41:04 route1 pluto[3132]: | 2: compared PSK 192.168.2.2 to 192.168.2.2 / 192.168.2.1 -> 6
Mar 25 10:41:04 route1 pluto[3132]: | best_match 0>6 best=0x9b106e0 (line=2)
Mar 25 10:41:04 route1 pluto[3132]: | concluding with best_match=6 best=0x9b106e0 (lineno=2)
Mar 25 10:41:04 route1 pluto[3132]: | ******parse ISAKMP Oakley attribute:
Mar 25 10:41:04 route1 pluto[3132]: | af+type: OAKLEY_GROUP_DESCRIPTION
Mar 25 10:41:04 route1 pluto[3132]: | length/value: 4
Mar 25 10:41:04 route1 pluto[3132]: | [4 is OAKLEY_GROUP_GP185]
Mar 25 10:41:04 route1 pluto[3132]: "Test" #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Mar 25 10:41:04 route1 pluto[3132]: "Test" #1: no acceptable Oakley Transform

при попытки обменяться ключами через racoon.

настройки racoon

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

listen
{
isakmp 192.168.2.2 [500];
}

remote 192.168.2.1
{
exchange_mode aggressive, main;
my_identifier address;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2 ;
}
}



sainfo anonymous
{
pfs_group 2;
lifetime time 1 hour ;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate ;
}


первая фаза проходит вторая нет.

2005-03-25 17:09:13: INFO: 192.168.2.2[500] used as isakmp port (fd=9)
2005-03-25 17:09:13: INFO: 192.168.2.2[500] used for NAT-T
2005-03-25 17:09:17: INFO: respond new phase 1 negotiation: 192.168.2.2[500]<=>192.168.2.1[500]
2005-03-25 17:09:17: INFO: begin Identity Protection mode.
2005-03-25 17:09:17: INFO: ISAKMP-SA established 192.168.2.2[500]-192.168.2.1[500] spi:cda240abe404b2ab:7d6ae8408106039c
2005-03-25 17:09:19: INFO: respond new phase 2 negotiation: 192.168.2.2[0]<=>192.168.2.1[0]
2005-03-25 17:09:19: ERROR: no policy found: 192.168.0.0/24[0] 192.168.2.1/24[0] proto=any dir=in
2005-03-25 17:09:19: ERROR: failed to get proposal for responder.
2005-03-25 17:09:19: ERROR: failed to pre-process packet.


ike-scan выдает
192.168.2.1 Main Mode Handshake returned SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)

Hash=SHA1 хотя должен MD5

так как же это все завязать что бы все работало.[/b]

Starting Taget Host - 192.168.0.0


Что у Вас прописано в ipsec.conf?
Дополнительно можете посмотреть http://www.dlink.ru/technical/faq_vpn_17.php, пример достаточно подробный и действовать можно по аналогии.

/etc/ipsec.conf

config setup
interfaces="ipsec1=eth2" # new default is %defaultroute
plutodebug=all
klipsdebug=all
nat_traversal=yes
pluto=yes

conn Test
type=tunnel
left=192.168.2.2
leftnexthop=10.0.0.1
#leftsubnet=192.168.1.0/24
right=192.168.2.1
rightnexthop=10.0.0.2
#rightsubnet=192.168.0.0/24
keyexchange=ike
ikelifetime=1h
auth=esp
pfs=yes
authby=secret
auto=start

include /etc/ipsec.d/examples/no_oe.conf

Какая операционная система на soft сервере?