Problem with the Host2Host IPsec configuration

Liloulinx alilou_linux at yahoo.fr
Tue Jun 20 19:09:31 UTC 2006


Hi,
I'm on FC4. I would like to configure IPsec communication between 
2 computers. The first has the IP "10.172.52.78" and the second has the 
IP "10.172.52.19". To do this I have used the "Network Configuration" 
tool (/usr/bin/system-config-network).
In the "IPsec" tab, I have clicked "new" and entered this:
 - nickname: AAA
 - IPsec on boot= false
 - type of connection: Host 2 host
 - type of encryption: by IKE (racoon)
 - remote IP address: 10.172.52.19
 - Authentication key: c7f6fac78b603ecaa6dc9817f596da6141369604
 - incoming authentication SPI: 300
 - outgoing authentication SPI: 301
 - incoming encryption SPI: 302
 - outgoing encryption SPI: 303

In the second machine I have done the same, except for:
 - remote IP address: 10.172.52.78
 - incoming authentication SPI: 301
 - outgoing authentication SPI: 300
 - incoming encryption SPI: 303
 - outgoing encryption SPI: 302

I have saved the new rule in each machine. I have enabled it and 
restarted the network daemon.
In each machine I have obtained these files: 
/etc/sysconfig/network-scripts/ifcfg-AAA, 
/etc/sysconfig/network-scripts/keys-AAA, /racoon/10.172.52.19.conf (and 
on the 2nd machine /racoon/10.172.52.78.conf)

- Contents of the "/etc/sysconfig/network-scripts/ifcfg-AAA" file:
   DST=10.172.52.19
   TYPE=IPSEC
   ONBOOT=no
   IKE_METHOD=PSK

- Contents of the /etc/keys-AAA file:
   c7f6fac78b603ecaa6dc9817f596da6141369604

- Contents of the "/etc/racoon/10.172.52.19.conf" file:
  remote 10.172.52.19
  {
      exchange_mode aggressive, main;
      my_identifier address;
      proposal {
          encryption_algorithm 3des;
          hash_algorithm sha1;
          authentication_method pre_shared_key;
          dh_group 2;
      }
  }



Problem: When I try to ping the other machine I get this error message:
        ping 10.172.52.19
        connect: Resource temporarily unavailable
Note: I have disabled my firewall.

Do you know what I must do in addition to what I have done?
Thanks
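The "connect: Resource temporarily unavailable" that ping reports is what the kernel returns while an IPsec policy requires a security association that IKE has not yet finished negotiating, so the useful next step is to look at `setkey -D` and confirm that racoon really established ESP SAs in both directions between the two hosts. The helper below is an added example, not code from the post or from Fedora's network scripts: `sa_state` and `check_sa_pair` are hypothetical names, and the `setkey -D` dump it parses is a constructed sample with made-up SPIs and keys.

```shell
#!/bin/sh
# Constructed `setkey -D` dump (not real output from the poster's hosts):
# the outbound SA is up, the inbound one is still "larval", i.e. IKE has
# not finished, and traffic still gets "Resource temporarily unavailable".
SAMPLE_SETKEY_D='10.172.52.78 10.172.52.19
    esp mode=transport spi=3735928559(0xdeadbeef) reqid=0(0x00000000)
    E: 3des-cbc  0123456789abcdef 0123456789abcdef 0123456789abcdef
    A: hmac-sha1  0123456789abcdef 0123456789abcdef 01234567
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
10.172.52.19 10.172.52.78
    esp mode=transport spi=19088743(0x01234567) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=larval'

# sa_state SRC DST: read a `setkey -D` dump on stdin and print the state
# of the SA from SRC to DST ("mature", "larval", "dying", ...) or
# "missing" when no such SA block exists.
sa_state() {
    awk -v src="$1" -v dst="$2" '
        # A block header is an unindented "SRC DST" line.
        /^[0-9]/ { inblock = ($1 == src && $2 == dst); next }
        inblock {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^state=/) { sub(/^state=/, "", $i); print $i; found = 1; exit }
        }
        END { if (!found) print "missing" }'
}

# check_sa_pair LOCAL PEER: report both directions; succeed (0) only when
# both SAs are mature, which is what ping needs before it gets through.
check_sa_pair() {
    dump=$(cat)
    outb=$(printf '%s\n' "$dump" | sa_state "$1" "$2")
    inb=$(printf '%s\n' "$dump" | sa_state "$2" "$1")
    echo "outbound $1 -> $2: $outb"
    echo "inbound  $2 -> $1: $inb"
    [ "$outb" = mature ] && [ "$inb" = mature ]
}

# On a real host replace the sample with: setkey -D | check_sa_pair LOCAL PEER
printf '%s\n' "$SAMPLE_SETKEY_D" | check_sa_pair 10.172.52.78 10.172.52.19 \
    || echo "IKE has not established both SAs; check racoon's log and the PSK on both hosts"
```

If both directions show "missing" after a few pings, racoon never completed phase 1, which on this setup usually means a PSK mismatch between the two keys-AAA files or racoon not running at all.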
