
Racoon and mobile VPN

2 replies
Thierry Leurent

Hello,

I have been trying for several days to configure a mobile VPN client for a
WatchGuard firewall.

To do this I am using ipsec-tools and racoon. When I start racoon, I get
two error messages, one about compression and the other about an IP
address. I don't see a solution....

Here is the log:

Thanks
Thierry

Attachment: racoon.log

2005-01-30 10:08:11: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
2005-01-30 10:08:11: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
2005-01-30 10:08:11: DEBUG: call pfkey_send_register for AH
2005-01-30 10:08:11: DEBUG: call pfkey_send_register for ESP
2005-01-30 10:08:11: DEBUG: call pfkey_send_register for IPCOMP
2005-01-30 10:08:11: DEBUG: reading config file /etc/racoon/racoon.conf
2005-01-30 10:08:11: DEBUG: hmac(modp768)
2005-01-30 10:08:11: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2005-01-30 10:08:11: DEBUG: my interface: 127.0.0.1 (lo)
2005-01-30 10:08:11: DEBUG: my interface: 192.168.0.6 (eth0)
2005-01-30 10:08:11: DEBUG: my interface: ::1 (lo)
2005-01-30 10:08:11: DEBUG: my interface: fe80::20e:a6ff:fecf:31ed%253 (eth0)
2005-01-30 10:08:11: DEBUG: configuring default isakmp port.
2005-01-30 10:08:11: DEBUG: 4 addrs are configured successfully
2005-01-30 10:08:11: ERROR: failed to bind to address fe80::20e:a6ff:fecf:31ed%253[500] (No such device).
2005-01-30 10:08:11: INFO: ::1[500] used as isakmp port (fd=5)
2005-01-30 10:08:11: INFO: 192.168.0.6[500] used as isakmp port (fd=6)
2005-01-30 10:08:11: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
2005-01-30 10:08:11: DEBUG: get pfkey X_SPDDUMP message
2005-01-30 10:08:11: DEBUG: get pfkey X_SPDDUMP message
2005-01-30 10:08:11: DEBUG: sub:0xbffff740: 194.68.64.104/32[0] 192.168.10.3/32[0] proto=any dir=in
2005-01-30 10:08:11: DEBUG: db :0x80a6b50: 10.101.0.0/24[0] 192.168.0.0/24[0] proto=any dir=in
2005-01-30 10:08:11: DEBUG: get pfkey X_SPDDUMP message
2005-01-30 10:08:11: DEBUG: sub:0xbffff740: 192.168.0.0/24[0] 10.101.0.0/24[0] proto=any dir=out
2005-01-30 10:08:11: DEBUG: db :0x80a6b50: 10.101.0.0/24[0] 192.168.0.0/24[0] proto=any dir=in
2005-01-30 10:08:11: DEBUG: sub:0xbffff740: 192.168.0.0/24[0] 10.101.0.0/24[0] proto=any dir=out
2005-01-30 10:08:11: DEBUG: db :0x80a6e80: 194.68.64.104/32[0] 192.168.10.3/32[0] proto=any dir=in
2005-01-30 10:08:11: DEBUG: get pfkey X_SPDDUMP message
2005-01-30 10:08:11: DEBUG: sub:0xbffff740: 192.168.0.3/32[0] 194.68.64.104/32[0] proto=any dir=out
2005-01-30 10:08:11: DEBUG: db :0x80a6b50: 10.101.0.0/24[0] 192.168.0.0/24[0] proto=any dir=in
2005-01-30 10:08:11: DEBUG: sub:0xbffff740: 192.168.0.3/32[0] 194.68.64.104/32[0] proto=any dir=out
2005-01-30 10:08:11: DEBUG: db :0x80a6e80: 194.68.64.104/32[0] 192.168.10.3/32[0] proto=any dir=in
2005-01-30 10:08:11: DEBUG: sub:0xbffff740: 192.168.0.3/32[0] 194.68.64.104/32[0] proto=any dir=out
2005-01-30 10:08:11: DEBUG: db :0x80a70b8: 192.168.0.0/24[0] 10.101.0.0/24[0] proto=any dir=out
2005-01-30 10:08:14: INFO: caught signal 2
2005-01-30 10:08:14: DEBUG: get pfkey FLUSH message
2005-01-30 10:08:15: DEBUG: call pfkey_send_dump
2005-01-30 10:08:15: INFO: racoon shutdown



--
Remember to read the list FAQ before asking a question:
http://wiki.debian.net/?DebianFrench

Remember to add the word ``spam'' to your "From" and "Reply-To:" fields

To UNSUBSCRIBE, email to debian-user-french-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Laurent CARON
Thierry Leurent wrote:

> Hello,
>
> I have been trying for several days to configure a mobile VPN client for a
> WatchGuard firewall.
>
> To do this I am using ipsec-tools and racoon. When I start racoon, I get
> two error messages, one about compression and the other about an IP
> address. I don't see a solution....

Hello,

Can you show us your configuration file?

Thanks

--
Do more than anyone expects, and pretty soon everyone will expect more.


Thierry Leurent
On Sunday 30 January 2005 12:30, Laurent CARON wrote:
> Thierry Leurent wrote:
> >Hello,
> >
> >I have been trying for several days to configure a mobile VPN client for a
> >WatchGuard firewall.
> >
> >To do this I am using ipsec-tools and racoon. When I start racoon,
> > I get two error messages, one about compression and the other about
> > an IP address. I don't see a solution....
>
> Hello,
>
> Can you show us your configuration file?
>
> Thanks

Certainly, here it is:
/etc/ racoon.conf
#
# Simple racoon.conf
#
#
# Please look in /usr/share/doc/racoon/examples for
# the example that comes with the source.
#
# Please read racoon.conf(5) for details, and also
# read setkey(8).
#
# Also read the Linux IPSEC Howto up at
# http://www.ipsec-howto.org/t1.html
#

path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

remote 194.68.64.104 {
    exchange_mode main,aggressive;
#   exchange_mode aggressive;

    my_identifier user_fqdn "Clinf01";
    proposal {
        encryption_algorithm des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
    }
    generate_policy off;
}

sainfo address 192.168.0.0/24 any address 10.101.0.0/24 any {
#sainfo anonymous {
    pfs_group 1;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

/etc/racoon/psk.txt
# IPv4/v6 addresses
194.68.64.104 @MouaVPNuse53!
# USER_FQDN
Clinf01 @MouaVPNuse53!
# FQDN
VPN_USERS @MouaVPNuse53!

spdadd.sh
#!/usr/sbin/setkey -f

flush;
spdflush;

spdadd 192.168.0.0/24 10.101.0.0/24 any -P out ipsec
    esp/tunnel/192.168.10.3-194.68.64.104/require;
spdadd 192.168.0.3 194.68.64.104 any -P out ipsec
    esp/tunnel/192.168.10.3-194.68.64.104/require;
spdadd 10.101.0.0/24 192.168.0.0/24 any -P in ipsec
    esp/tunnel/194.68.64.104-192.168.10.3/require;
spdadd 194.68.64.104 192.168.10.3 any -P in ipsec
    esp/tunnel/194.68.64.104-192.168.10.3/require;
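
Added example (not part of the thread and not the posters' code): a Python check over the files posted above that lists IKE/IPsec settings matching a reviewer's weak-value list, and tunnel endpoints in the spdadd policies that are neither an address racoon logged as local nor the configured remote. The sample strings are condensed from the thread; the WEAK list and the function names are assumptions of this example.

```python
import re

# Constructed sample input, condensed from the files and log quoted in the thread.
RACOON_LOG = "DEBUG: my interface: 127.0.0.1 (lo)\nDEBUG: my interface: 192.168.0.6 (eth0)\n"
RACOON_CONF = """\
remote 194.68.64.104 {
    exchange_mode main,aggressive;
    proposal {
        encryption_algorithm des;
        hash_algorithm sha1;
        dh_group 1;
    }
}
sainfo address 192.168.0.0/24 any address 10.101.0.0/24 any {
    pfs_group 1;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
}
"""
SETKEY = """\
spdadd 192.168.0.0/24 10.101.0.0/24 any -P out ipsec
    esp/tunnel/192.168.10.3-194.68.64.104/require;
spdadd 10.101.0.0/24 192.168.0.0/24 any -P in ipsec
    esp/tunnel/194.68.64.104-192.168.10.3/require;
"""

# Reviewer's list of values treated as weak (an assumption of this example).
WEAK = {"exchange_mode": {"aggressive"}, "encryption_algorithm": {"des"},
        "authentication_algorithm": {"hmac_md5"}, "hash_algorithm": {"md5"},
        "dh_group": {"1"}, "pfs_group": {"1"}}

def weak_settings(conf):
    """Return (keyword, value) pairs from racoon.conf statements that match WEAK."""
    found = []
    for key, values in re.findall(r"^[ \t]*(\w+)[ \t]+([^;#{}\n]+);", conf, re.M):
        for v in re.split(r"[,\s]+", values.strip()):
            if v in WEAK.get(key, ()):
                found.append((key, v))
    return found

def foreign_tunnel_endpoints(log, conf, setkey):
    """Return tunnel endpoints that are neither a logged local address nor a remote."""
    known = set(re.findall(r"my interface: (\d+\.\d+\.\d+\.\d+)", log))
    known |= set(re.findall(r"^remote\s+(\S+)", conf, re.M))
    used = {ip for pair in re.findall(r"tunnel/([\d.]+)-([\d.]+)/", setkey) for ip in pair}
    return sorted(used - known)

if __name__ == "__main__":
    print(weak_settings(RACOON_CONF), foreign_tunnel_endpoints(RACOON_LOG, RACOON_CONF, SETKEY))
```

On the posted files the endpoint check reports 192.168.10.3, which the log does not list among racoon's local interfaces (127.0.0.1 and 192.168.0.6).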