Hello everybody,
I got a static configuration of IPsec SAs working on my CentOS 6.4 using ipsec-tools 0.8.2 setkey. Now I want to try IKE phase 1 for session key handshaking by means of the racoon daemon. I found a lot of discussions on the network about racoon.conf, but it seems IKE 1 never starts handshaking in my environment. Can you provide a guide to the right racoon configuration?
Thanks
marco
IPSec tool 0.8.2 with Centos 6.4
Re: IPSec tool 0.8.2 with Centos 6.4
Don't use 6.4. It's old, out of date (Feb 2013) and riddled with security problems. You need to get yourself up to date and onto the newly released 6.8 - yum update will do that.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 4
- Joined: 2016/06/10 10:15:32
Re: IPSec tool 0.8.2 with Centos 6.4
Many thanks,
I'll perform the upgrade.
regards
marco
Re: IPSec tool 0.8.2 with Centos 6.4
Now I can see IKE working fine with ipsec-tools and CentOS 6.8!
Re: IPSec tool 0.8.2 with Centos 6.4
Hi all,
I was able to test ipsec-tools with manual setkey and IKE using certificates; now I'd like to go on to study NAT Traversal.
First I configured ipsec-tools with these options:
# ./configure --prefix=/usr --sysconfdir=/etc/racoon --enable-natt=yes --enable-security-context=no --enable-dpd --enable-frag --enable-hybrid --enable-natt-versions="00,02,06,08,rfc"
Then:
# make
# make install
All these steps ran without errors (the standard output also shows that NAT traversal is supported by the kernel). Then the commands:
service racoon restart
setkey -f /etc/ipsec.conf
racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log -d -P 4500
But while reading racoon.conf I get this error in racoon.log:
/etc/racoon/racoon.conf:24: "4500" NAT-T support not compiled in.
I have been searching for this error for days, but found nothing. Can anyone help me solve this problem?
regards
marco
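A check for the error in the post above, as an added example that is not part of the thread: the "NAT-T support not compiled in" message comes from the racoon binary that parsed racoon.conf, so this script compares the feature list printed by `racoon -V` with the configure switches from the post. The function names are hypothetical, the feature labels are assumed to match the "Compiled with:" lines of ipsec-tools 0.8.x, and both sample outputs are constructed.

```shell
#!/bin/sh
# Map a configure switch from the post (--enable-natt, --enable-dpd, ...)
# to the line `racoon -V` prints for it under "Compiled with:" (assumed labels).
feature_label() {
    case "$1" in
        natt)   echo "NAT Traversal" ;;
        dpd)    echo "Dead Peer Detection" ;;
        frag)   echo "IKE fragmentation" ;;
        hybrid) echo "Hybrid authentication" ;;
        *)      return 1 ;;
    esac
}

# missing_features "<racoon -V output>" feature...
# Prints, space separated, the requested features the binary was NOT built with.
missing_features() {
    version_output=$1; shift
    missing=""
    for f in "$@"; do
        label=$(feature_label "$f") || { missing="$missing unknown:$f"; continue; }
        # -F fixed string, -x whole line, -- because the pattern starts with "-"
        printf '%s\n' "$version_output" | grep -Fqx -- "- $label" \
            || missing="$missing $f"
    done
    echo "${missing# }"
}

# Constructed sample: output of a build made without NAT-T.
SAMPLE_NO_NATT='@(#)ipsec-tools 0.8.2 (http://ipsec-tools.sourceforge.net)

Compiled with:
- OpenSSL (constructed placeholder line)
- Dead Peer Detection
- IKE fragmentation
- Hybrid authentication'
# Constructed sample: the same build with NAT-T compiled in.
SAMPLE_FULL="$SAMPLE_NO_NATT
- NAT Traversal"

# On a real host, test the binary that the shell (and the init script) resolves.
if command -v racoon >/dev/null 2>&1; then
    bin=$(command -v racoon)
    echo "checking $bin"
    echo "missing: $(missing_features "$("$bin" -V 2>&1)" natt dpd frag hybrid)"
fi
```

If `natt` is reported missing for the binary on the PATH, check whether more than one racoon binary is installed and which one `service racoon restart` starts.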