On Wed, 30 Jul 2003, bert hubert wrote:
> I recently tested all this again with 2.6.0-test2 and It Just Worked, so I
> can't confirm this.
with an all modular build ?
> I run with a very minimal racoon.conf, almost exactly the one found on
> http://lartc.org/howto/lartc.ipsec.html
ditto
> I'd suggest posting the relevant bits of your .config
!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 9.30.62.131 9.51.94.26 any -P out ipsec
esp/transport//require;
spdadd 9.51.94.26 9.30.62.131 any -P in ipsec
esp/transport//require;
/etc/racoon/racoon.conf
remote 9.51.94.26
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "<cert>" "<key>";
peers_certfile "<remote cert>";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1536 ;
}
}
sainfo anonymous
{
pfs_group modp1536;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1 ;
compression_algorithm deflate ;
}
Again, the remote is freeswan 1.96
> Good luck!
Thanks, I'll probably be needing it :)
-- Rick Nelson I can saw a woman in two, but you won't want to look in the box when I do 'For My Next Trick I'll Need a Volunteer' -- Warren Zevon - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:47 EST