Subject: FreeS/WAN <-> KAME
To: None <netbsd-users@netbsd.org>
From: Jan Schaumann <jschauma@netbsd.org>
List: netbsd-users
Date: 09/09/2002 18:13:10
Hi,
I'm currently trying to get a Linux machine talking FreeS/WAN IPsec to
talk to a NetBSD machine using KAME. On the NetBSD machine, IPsec is
working just fine; it is talking IPsec using PSKs to various other
NetBSD machines.
Enter the Linux box.
I've added the PSK into NetBSD:/usr/pkg/etc/racoon/psk.txt and
Linux:/etc/ipsec.secrets
I looked around on the web and found these URLs:
http://www.hsc.fr/ressources/ipsec/ipsec2000/freeswan/
http://www.hsc.fr/ressources/ipsec/ipsec2000/kame/
I've been trying to follow these examples, but when I start ipsec on the
Linux-site, it seems to try to use IPsec for all communication (I only
want it to talk to the NetBSD machine at a certain port using IPsec).
At the same time, on the NetBSD side, connections to the specified port
on the Linux machine time out; racoon complains:
isakmp.c:1700:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
isakmp.c:1434:isakmp_ph1resend(): phase1 negotiation failed due to time up. 4e9b66587b2d1079:0000000000000000
racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP LinuxIP->NetBSDIP.
Anybody around here who has successfully made FreeS/WAN talk to KAME and
could give me an example or some pointers?
Thanks,
-Jan
--
I seem to be having this tremendous difficulty with my lifestyle.