I'm trying to get rid of anonymous in racoon.conf since it appears in a VAST majority of samples about IPsec, but I cannot make the sainfo section work.
racoon -dF
Code:
2013-07-09 16:30:26: DEBUG: getsainfo params: loc='WORK' rmt='192.168.HOME.IP' peer='192.168.HOME.IP' client='HOME_EXTERNAL' id=0
2013-07-09 16:30:26: DEBUG: evaluating sainfo: loc='HOME_EXTERNAL', rmt='WORK', peer='ANY', id=0
2013-07-09 16:30:26: DEBUG: check and compare ids : value mismatch (IPv4_address)
2013-07-09 16:30:26: DEBUG: cmpid target: 'WORK'
2013-07-09 16:30:26: DEBUG: cmpid source: 'HOME_EXTERNAL'
2013-07-09 16:30:26: ERROR: failed to get sainfo.
2013-07-09 16:30:26: ERROR: failed to get sainfo.
2013-07-09 16:30:26: [HOME] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
…
racoon.conf
Code:
## IKE Phase 2
sainfo address HOME_EXTERNAL udp address WORK udp
{
encryption_algorithm aes,3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
pfs_group modp1024;
}
If I put all settings for anonymous (as per examples), it works great, but I would prefer to keep distinctive addresses I could connect from. Am I missing something obvious in the settings?
I forgot to add: WORK is the tun0 address; this is the way we get Internet on the router host.
The network configuration is:
Code:
192.168.HOME.IP > NAT > HOME_EXTERNAL > PPPoE (my router box to provider) > internet > PPPoE (FreeBSD 9.1 to provider) > WORK > NAT > OFFICE_NET.
racoon and mpd5 listen on the WORK IP address.
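An added helper, not part of this thread, that parses the `racoon -dF` lines quoted above and reports which selector side racoon rejected. The sample log is constructed from the quoted lines; the rule that a `peer='ANY'`/`ANY` selector matches anything is an assumption that simplifies racoon's real comparison.

```python
import re

# Constructed sample: the racoon -dF lines quoted in the post above.
SAMPLE_LOG = """\
2013-07-09 16:30:26: DEBUG: getsainfo params: loc='WORK' rmt='192.168.HOME.IP' peer='192.168.HOME.IP' client='HOME_EXTERNAL' id=0
2013-07-09 16:30:26: DEBUG: evaluating sainfo: loc='HOME_EXTERNAL', rmt='WORK', peer='ANY', id=0
2013-07-09 16:30:26: DEBUG: check and compare ids : value mismatch (IPv4_address)
2013-07-09 16:30:26: ERROR: failed to get sainfo.
"""

# What the phase 2 exchange asked for, and each sainfo block racoon tried against it.
PARAMS_RE = re.compile(r"getsainfo params: loc='([^']*)' rmt='([^']*)'")
SAINFO_RE = re.compile(r"evaluating sainfo: loc='([^']*)', rmt='([^']*)', peer='([^']*)'")


def parse_getsainfo(log):
    """Return (requested (loc, rmt) or None, [candidate (loc, rmt, peer), ...])."""
    requested, candidates = None, []
    for line in log.splitlines():
        m = PARAMS_RE.search(line)
        if m:
            requested = (m.group(1), m.group(2))
            continue
        m = SAINFO_RE.search(line)
        if m:
            candidates.append((m.group(1), m.group(2), m.group(3)))
    return requested, candidates


def side_matches(configured, requested):
    # Assumption: 'ANY' stands in for an anonymous/unrestricted selector.
    return configured == "ANY" or configured == requested


def diagnose(log):
    """Say whether any sainfo matched; if not, flag a local/remote swap."""
    requested, candidates = parse_getsainfo(log)
    if requested is None:
        return {"status": "no getsainfo params line found"}
    loc, rmt = requested
    for c_loc, c_rmt, _peer in candidates:
        if side_matches(c_loc, loc) and side_matches(c_rmt, rmt):
            return {"status": "match", "sainfo": (c_loc, c_rmt)}
    report = {"status": "no match", "wanted": requested, "candidates": candidates}
    # Common racoon.conf slip: selectors written in the peer's order, not this host's.
    report["swapped"] = any(c_rmt == loc for _c_loc, c_rmt, _p in candidates)
    return report
```

On the quoted log this reports no match and flags the sides as swapped: racoon wanted loc='WORK' rmt='192.168.HOME.IP' (the private address behind the home NAT, not HOME_EXTERNAL), while the configured block has WORK on the remote side.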