VPN IPSec+racoon-падение
Добавлено: 2011-05-30 10:40:23
Настроил VPN с шифрованием. Падает с ошибкой:
NOTIFY: no in-bound policy found: 192.168.2.0/24[0] 192.168.0.0/24[0] proto=any dir=in
# cat racoon.conf
######################################
## /usr/local/etc/racoon/racoon.conf #
######################################
# Site-to-site IKEv1/IPsec tunnel: local gateway 195.24.X.X, peer 212.3.Y.Y
# (addresses are masked as posted). Pre-shared-key authentication, fixed
# policies from setkey.conf (no policy generation by racoon).
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ; # holds the PSK in clear text: keep it root-only (0600)
log notify; #log verbosity setting: set to 'notify' when testing and debugging is complete
padding # options are not to be changed
{
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
timer # timing options. change as needed
{
counter 5;
interval 20 sec;
persend 1;
# natt_keepalive 15 sec;
phase1 30 sec;
phase2 15 sec;
}
listen # address [port] that racoon will listen on
{
isakmp 195.24.X.X [500];
# isakmp_natt 10.10.0.200 [4500];
}
remote 212.3.Y.Y [500]
{
# Aggressive mode with a pre-shared key exposes the identity hash in the
# clear, so a captured exchange can be used for an offline attack on the PSK.
# Both peers have fixed addresses here, so "main" alone should be enough;
# keep "aggressive" only if the peer really cannot do main mode.
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
my_identifier address 195.24.X.X;
peers_identifier address 212.3.Y.Y;
lifetime time 8 hour;
passive off;
proposal_check obey; # accept the peer's lifetime/algorithm choice within our proposals
# nat_traversal off;
# Policies are NOT created by racoon; they must already be in the kernel SPD
# (setkey.conf). This is the path on which "no in-bound policy found" is
# reported when the expected inbound policy is missing at negotiation time.
generate_policy off;
proposal {
# Phase 1 proposal. blowfish, md5 and DH group 1 (768-bit MODP) are all weak
# by current standards; aes + sha1/sha256 with dh_group 14 is the usual
# minimum today.
encryption_algorithm blowfish;
hash_algorithm md5;
authentication_method pre_shared_key;
# NOTE(review): 30 sec here contradicts "lifetime time 8 hour" above and would
# rekey phase 1 every 30 seconds; confirm which value racoon applies to the
# proposal and drop the other.
lifetime time 30 sec;
dh_group 1;
}
}
# Phase 2 parameters for traffic between the two LANs.
sainfo (address 192.168.0.0/24 any address 192.168.2.0/24 any)
{
pfs_group 1; # same weak DH group as phase 1
lifetime time 36000 sec;
# The list is offered in order; "des" is single DES and should not be offered
# at all, since the peer may select it.
encryption_algorithm blowfish,3des,des;
authentication_algorithm hmac_md5,hmac_sha1;
compression_algorithm deflate;
}
# cat psk.txt
# IPv4/v6 addresses
212.3.Y.Y PaSwOrd
# cat rc.conf
# Start the IKE daemon and load the static SPD from setkey.conf at boot.
racoon_enable="YES"
# The log will contain peer addresses and negotiation detail; keep it root-readable only.
racoon_flags="-l /var/log/racoon.log"
ipsec_enable="YES"
ipsec_program="/usr/local/sbin/setkey"
ipsec_file="/usr/local/etc/racoon/setkey.conf"
# cat setkey.conf
# Reloading this file tears down every SA and policy before re-adding the two
# below, so any established tunnel is interrupted.
flush;
spdflush;
# To the home network
# NOTE(review): racoon's "no in-bound policy found" message names exactly the
# selector of the "in" line below (192.168.2.0/24 -> 192.168.0.0/24, dir=in),
# so the policy appears not to be present in the kernel when racoon does its
# lookup. After boot, confirm with `setkey -DP` that both entries are installed
# and that setkey runs before racoon. Level "use" also lets matching traffic
# pass unencrypted when no SA exists; switch to "require" once the tunnel is up.
spdadd 192.168.0.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/195.24.X.X-212.3.Y.Y/use;
spdadd 192.168.2.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/212.3.Y.Y-195.24.X.X/use;