# cat /etc/racoon/racoon.conf
# Pre-shared-key file. It stores the IKE secret in clear text, so keep it
# owned by, and readable only by, the account racoon runs as (mode 0600).
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
# Debug-level logging prints the full proposal comparison, which is what makes
# the failure diagnosable. It is verbose; lower the level once the tunnel works.
log debug;
# Bind IKE (ISAKMP) to a single local address on UDP port 500.
# NOTE(review): nat_traversal is enabled below, but no isakmp_natt listener
# (normally port 4500) is declared here - confirm whether one is needed.
listen {
isakmp 222.48.47.234 [500];
}
#
# Connection aclass
#
# Phase 1 (IKE) parameters for the peer at 111.48.47.233.
remote 111.48.47.233 {
nat_traversal on;
# The only phase 1 transform this side accepts: 3DES / MD5 / PSK / modp1024.
# In the debug output quoted with this config the peer offers AES-CBC (128-bit
# key) with MD5 and Blowfish-CBC with SHA, so no transform matches and phase 1
# is rejected ("no suitable proposal found").
# NOTE(review): 3DES, MD5 and a 1024-bit MODP group are weak by current
# standards. When aligning the two ends, prefer AES with a SHA-family hash and
# a larger DH group if both devices support them, rather than lowering the peer
# to 3DES/MD5.
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group modp1024;
}
# passive off: this side may also initiate, not only respond.
passive off;
my_identifier address 222.48.47.234;
# With verify_identifier off the ID payload sent by the peer is not compared
# with peers_identifier below, so that line is not enforced. Setting it to on
# makes a mismatching identifier fail the negotiation.
verify_identifier off;
# 30 min = 1800 s; the log shows the peer proposing 28800 s.
# NOTE(review): depending on proposal_check this difference may also matter
# once the algorithms match - confirm.
lifetime time 30 min;
peers_identifier address 111.48.47.233;
# Main mode keeps the identities encrypted; generally preferable to aggressive
# mode when authenticating with a pre-shared key.
exchange_mode main;
# generate_policy on lets the initiator's phase 2 proposal create SPD entries on
# this host when none exist. It is meant for responder-only setups with dynamic
# peers; with two fixed addresses, static SPD entries and generate_policy off
# give the remote side less control over local policy.
generate_policy on;
}
# Phase 2 (IPsec SA) parameters for traffic between 172.16.0.0/24 and
# 192.168.0.0/24, any port and any protocol.
# NOTE(review): same legacy choices as phase 1 (3DES, HMAC-MD5, modp1024 PFS);
# these must also match what the peer offers for phase 2.
sainfo address 172.16.0.0/24[any] any address 192.168.0.0/24[any] any {
pfs_group modp1024;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
Ругается, наверное, на несовпадение шифрования:
DEBUG: Compared: DB:Peer
DEBUG: (lifetime = 1800:28800)
DEBUG: (lifebyte = 0:0)
DEBUG: enctype = 3DES-CBC:Blowfish-CBC
DEBUG: (encklen = 0:128)
DEBUG: hashtype = MD5:SHA
DEBUG: authmethod = pre-shared key:pre-shared key
DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
DEBUG: type=Key Length, flag=0x8000, lorv=128
DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
DEBUG: type=Life Type, flag=0x8000, lorv=seconds
DEBUG: type=Life Duration, flag=0x8000, lorv=28800
ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 3DES-CBC:AES-CBC
ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#0:trns#7) = 3DES-CBC:Blowfish-CBC
ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#7) = MD5:SHA
ERROR: no suitable proposal found.
ERROR: failed to get valid proposal.
ERROR: failed to pre-process packet.
ERROR: phase1 negotiation failed.
Борьба по материалам FAQ:
http://www.dlink.ru/ru/faq/92/512.html
http://www.dlink.ru/ru/faq/92/520.html