Hi,
I'm trying to get Racoon running IPSec with a Mikrotik router.
I followed the Setup Basics from the OpenWrt homepage. This is my configuration:
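# UCI configuration for racoon as posted, with each 'config' stanza restored to
# its own line (the stanza headers had been fused onto the preceding option
# line, which UCI cannot parse). All values are unchanged from the post.

config 'racoon'
	option 'foreground' '0'
	option 'debug' '1'
	option 'zone' 'vpn'

config 'tunnel' 'WN'
	option 'enabled' '1'
	# Dynamic-DNS name of the peer. The generated racoon.conf shown in the post
	# carries a fixed remote_address instead of this name.
	# NOTE(review): if the peer's current address differs from the generated
	# one, the remote section may not apply to the peer's packets - confirm.
	option 'remote' 'nobody.no-ip.org'
	# A short dictionary word. In aggressive mode the key's strength is the only
	# protection against offline guessing of the PSK, so use a long random value
	# and never post the real one.
	option 'pre_shared_key' 'test'
	# Aggressive mode sends the identities unencrypted and returns a PSK-derived
	# hash before the peer is authenticated. Main mode or certificate
	# authentication avoids both, if the peer supports it.
	# NOTE(review): the error quoted in the post appears to be raised when an
	# aggressive-mode packet arrives and no remote section applicable to the
	# sender permits it - verify the sender address and the peer's exchange mode.
	option 'exchange_mode' 'aggressive'
	# NOTE(review): the generated file passes the leading '@' through as part of
	# the FQDN identifier - confirm the Mikrotik expects the identical string.
	option 'my_identifier' '@nobody.no-ip.org'
	list 'p1_proposal' 'pre_g2_3des_md5'
	list 'sainfo' 'WN_LAN'
	option 'dpd_delay' '60'

# Phase 1 (IKE) proposal. 3DES, MD5 and DH group 2 (1024-bit MODP) are legacy
# choices; prefer AES, a SHA-2 hash and DH group 14 or higher where both ends
# support them, and keep the two peers' proposals identical.
config 'p1_proposal' 'pre_g2_3des_md5'
	option 'encryption_algorithm' '3des'
	option 'hash_algorithm' 'md5'
	option 'authentication_method' 'pre_shared_key'
	option 'dh_group' '2'
	option 'lifetime' '28800'

# Traffic selectors for the tunnel: local and remote /27 networks.
config 'sainfo' 'WN_LAN'
	option 'local_subnet' '10.178.1.160/27'
	option 'remote_subnet' '10.178.1.32/27'
	option 'p2_proposal' 'g2_aes_sha1'

# Phase 2 (IPsec SA) proposal. PFS is enabled, but with the same 1024-bit
# group 2 as phase 1.
config 'p2_proposal' 'g2_aes_sha1'
	option 'pfs_group' '2'
	option 'encryption_algorithm' 'aes'
	option 'authentication_algorithm' 'hmac_sha1'
	option 'lifetime' '1800'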
This is the racoon configuration generated from it:
# auto generated by /etc/init.d/racoon
# Racoon configuration produced by the init script from the UCI settings in the post.
# Location of the pre-shared-key file.
# NOTE(review): this file should be readable by root only - confirm its permissions.
path pre_shared_key "/var/racoon/psk.txt";
path certificate "/var/racoon/cert";
padding {
maximum_length 20; randomize off;
strict_check off; exclusive_tail off;
}
# Retransmission and negotiation timeouts: phase 1 is given 30 seconds, phase 2 15 seconds.
timer {
counter 5; interval 20 sec; persend 1;
phase1 30 sec; phase2 15 sec;
# The next line closes the timer section and opens the remote section for tunnel "WN".
}remote "WN" {
# A fixed address stands here where the UCI config had the name 'nobody.no-ip.org'.
# NOTE(review): if the peer's packets arrive from a different address, this section
# may not be considered applicable to them - verify against the peer's current address.
remote_address 123.123.123.123 ;
# The leading '@' is part of the identifier string as written here.
my_identifier fqdn "@nobody.no-ip.org";
# Aggressive mode with a pre-shared key: identities are sent unencrypted, and the
# strength of the key is the only protection against offline guessing.
exchange_mode aggressive;
# obey: as responder, accept the initiator's lifetime and PFS values as offered;
# 'strict' or 'claim' is the tighter setting.
proposal_check obey;
nat_traversal on;
dpd_delay 60;
# Phase 1 proposal: 3DES, MD5 and DH group 2 are legacy algorithms.
# It must match the peer's proposal exactly for phase 1 to complete.
proposal {
lifetime time 28800 sec;
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
}
# Phase 2 policy for traffic between the local and remote /27 networks, any protocol/port.
sainfo address 10.178.1.160/27 any address 10.178.1.32/27 any {
pfs_group 2;
lifetime time 1800 sec;
encryption_algorithm aes;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
The Mikrotik reports a Phase 1 timeout.
OpenWrt reports: ERROR: exchange Aggressive not allowed in any applicable rmconf.
This is close to driving me crazy.
Can anybody help, please?
(Last edited by redflag237 on 1 Oct 2013, 22:18)