Hi.
I'm having some problems with ipsec.
The connections are running, but when the line goes down the vpn is not coming
back again.
If i see the logs, i see these errors:
2010-07-06 13:23:22: ERROR: fatal INVALID-SPI notify messsage, phase1 should be
deleted.
If i force a restart of the setkey and racoon services, then the vpns are
coming back.
This is the conf:
remote AAA.AAA.AAA.AAA
{
exchange_mode main;
verify_cert on;
my_identifier address;
lifetime time 96 hour ;
dpd_delay 0;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo address 192.168.1.0/24 any address 10.75.0.0/16 any
{
pfs_group 2;
lifetime time 8 hour ;
encryption_algorithm 3des ;
authentication_algorithm hmac_md5 ;
compression_algorithm deflate ;
}
sainfo address AAA.AAA.AAA.AAA/32 any address 10.75.0.0/16 any
{
pfs_group 2;
lifetime time 8 hour ;
encryption_algorithm 3des ;
authentication_algorithm hmac_md5 ;
compression_algorithm deflate ;
}
sainfo address BBB.BBB.BBB.BBB/32 any address AAA.AAA.AAA.AAA/32 any
{
pfs_group 2;
lifetime time 8 hour ;
encryption_algorithm 3des ;
authentication_algorithm hmac_md5 ;
compression_algorithm deflate ;
}
sainfo address 192.168.1.0/24 any address AAA.AAA.AAA.AAA/32 any
{
pfs_group 2;
lifetime time 8 hour ;
encryption_algorithm 3des ;
authentication_algorithm hmac_md5 ;
compression_algorithm deflate ;
}
10.75.0.0/16 is the remote network.
192.168.1.0/24 is our net.
AAA.AAA.AAA.AAA is their remote public IP.
BBB.BBB.BBB.BBB is our public IP
Thanks
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/792006.31695...@web28616.mail.ukl.yahoo.com
