Hello,
I'm trying to help a friend connect to my befvp41. He has a PowerBook that runs 10.3 Panther. He is directly connected to his cable modem, so no router. My befvp41 (firmware: 1.41.1, Sep 04 2003) is connected to the cable modem and my private LAN is 192.168.2.0. When we attempt to vaporize I get absolutely no log entries in my befvp41. It's like he's not even attempting to connect. I also tried the procedures in the article
“Flying Racoons: Clients? We don’t need no stinking clients”
and I don't get any connection entries in my log either. Here is his racoon.conf file.
# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $
path pre_shared_key "/etc/racoon/psk.txt" ;
path certificate "/LIbrary/Application Support/VaporSec/certs" ;
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
listen
{
}
# Specification of default various timer.
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
# timer for waiting to complete each phase.
phase1 30 sec;
phase2 30 sec;
}
remote {BEFVP1 IPADDRESS}
{
exchange_mode main;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
lifetime time 300 seconds;
initial_contact on;
support_mip6 on;
proposal_check claim;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2;
}
}
sainfo address {MAC POWERBOOK IP}/24 any address 192.168.2.0/32 any
{
pfs_group 2;
lifetime time 3000 seconds;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
MY VPN Setting on the BEFVP41
Local Secure Group (Subnet) – IP 192.168.2.0
Mask: 255.255.255.0
Remote Secure Group: Any
Remote Secure Gateway: Any
Encryption: 3DES
Authentication: SHA
Key Management: Auto IKE
PFS: On
Pre-Shared Key: {my preshared key}
Key Lifetime: 28800
Phase1
Operation Mode: Main
Proposal1
Encryption: 3DES
Authentication: SHA
Group: 1024-bit
Key Lifetime: 28800
Phase2:
Encryption: 3DES
Authentication: SHA
PFS: ON
Group: 1024-bit
Key Lifetime 3600
Anti-Replay: on
Keep Alive: on
I forgot to put that I was able to successfully connect using VPT Tracker. This was a demo version. Do any of you know how I can clone the configuration that VPT Tracker used to Vapor Sec?
Thanks.
Do you see anything wrong with the Vapor Sec settings I posted?
Thanks for your help!
I made your suggested changes, still not seeing any type of connection on the befvp41. I do receive this error on the Mac's /var/log/system.log
Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1520:isakmp_setup_socket(): failed to bind (Address already in use).
Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1604:isakmp_open(): no address could be bound.
Any more suggestions?
[quote:f12273d422="i3bargon"]I made your suggested changes, still not seeing any type of connection on the befvp41. I do receive this error on the Mac's /var/log/system.log
Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1520:isakmp_setup_socket(): failed to bind (Address already in use).
Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1604:isakmp_open(): no address could be bound.
Any more suggestions?[/quote:f12273d422]
I have to use a Nortel/Netlock client to connect to work. This client grabs the port at startup and racoon can’t. I have to kill the Netlock client first (sudo /Library/StartupItems/Nleac/Nleac stop). I suspect a Cisco or other client will behave in a similar fashion. Are you running some other client software?
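An added example, not part of the original posts: a small Python check for the condition described in the last reply, where another client already holds the IKE port and racoon logs "failed to bind". It assumes IKE on UDP 500; the function names are made up for this example, and the log line in the demo is the one quoted in the thread.

```python
import errno
import re
import socket

IKE_PORT = 500  # ISAKMP/IKE daemons such as racoon listen on UDP 500

# Matches the racoon bind failure shown in the thread's system.log excerpt.
BIND_ERROR = re.compile(
    r"racoon: ERROR: .*isakmp_setup_socket\(\): failed to bind \((.+)\)"
)


def bind_failure_reason(log_line):
    """Return the reason racoon gave for a failed bind, or None."""
    match = BIND_ERROR.search(log_line)
    return match.group(1) if match else None


def probe_udp_port(port=IKE_PORT, host="0.0.0.0"):
    """Try to bind a UDP port the way an IKE daemon would.

    Returns "free", "in_use" (another process holds the port), or
    "no_permission" (ports below 1024 usually need root).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in_use"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "no_permission"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Log line copied from the thread above.
    line = ("Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1520:"
            "isakmp_setup_socket(): failed to bind (Address already in use).")
    print("log says:", bind_failure_reason(line))
    print("UDP", IKE_PORT, "is", probe_udp_port())
```

Run it as root with racoon stopped; a result of "in_use" means some other process owns the port, and `sudo lsof -nP -iUDP:500` names that process.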