VaporSec 1.0 on Panther to BEFVP41

  • #357452
    i3bargon
    Participant

    Hello,

    I'm trying to help a friend connect to my BEFVP41. He has a PowerBook that runs 10.3 Panther. He is directly connected to his cable modem, so no router. My BEFVP41 (firmware: 1.41.1, Sep 04 2003) is connected to the cable modem and my private LAN is 192.168.2.0. When we attempt to vaporize I get absolutely no log entries in my BEFVP41. It's like he's not even attempting to connect. I also tried the procedures in the article

    “Flying Racoons: Clients? We don’t need no stinking clients”

    and I don't get any connection entries in my log either. Here is his racoon.conf file.

    # $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $

    path pre_shared_key "/etc/racoon/psk.txt" ;

    path certificate "/LIbrary/Application Support/VaporSec/certs" ;

    padding
    {
    maximum_length 20; # maximum padding length.
    randomize off; # enable randomize length.
    strict_check off; # enable strict check.
    exclusive_tail off; # extract last one octet.
    }

    listen
    {
    }

    # Specification of default various timer.
    timer
    {
    # These value can be changed per remote node.
    counter 5; # maximum trying count to send.
    interval 20 sec; # maximum interval to resend.
    persend 1; # the number of packets per a send.

    # timer for waiting to complete each phase.
    phase1 30 sec;
    phase2 30 sec;
    }

    remote {BEFVP1 IPADDRESS}
    {
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;
    nonce_size 16;
    lifetime time 300 seconds;
    initial_contact on;
    support_mip6 on;
    proposal_check claim;

    proposal {
    encryption_algorithm 3des;
    hash_algorithm sha1;
    authentication_method pre_shared_key ;
    dh_group 2;
    }
    }

    sainfo address {MAC POWERBOOK IP}/24 any address 192.168.2.0/32 any
    {
    pfs_group 2;
    lifetime time 3000 seconds;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    }

    My VPN settings on the BEFVP41:

    Local Secure Group (Subnet) – IP 192.168.2.0
    Mask: 255.255.255.0

    Remote Secure Group: Any
    Remote Secure Gateway: Any
    Encryption: 3DES
    Authentication: SHA

    Key Management: Auto IKE
    PFS: On
    Pre-Shared Key: {my preshared key}
    Key Lifetime: 28800

    Phase1
    Operation Mode: Main

    Proposal1
    Encryption: 3DES
    Authentication: SHA
    Group: 1024-bit
    Key Lifetime: 28800

    Phase2:
    Encryption: 3DES
    Authentication: SHA
    PFS: ON
    Group: 1024-bit
    Key Lifetime 3600

    Anti-Replay: on
    Keep Alive: on
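
The two sides of the tunnel posted above can be compared mechanically. The script below is an added example, not part of the original post and not VaporSec or racoon code: it reads a constructed copy of the posted racoon.conf values and lists every phase 1, phase 2 and subnet setting that differs from the posted BEFVP41 settings, as items to review. The two IP addresses are placeholders for the ones elided in the post, and the names `section`, `field`, `check`, `GATEWAY` and `KEYS` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: values from the posted racoon.conf; 203.0.113.10 and
# 198.51.100.7 are placeholders for the addresses elided in the post.
RACOON_CONF = """
remote 203.0.113.10 {
    lifetime time 300 seconds;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        dh_group 2;
    }
}
sainfo address 198.51.100.7/24 any address 192.168.2.0/32 any {
    pfs_group 2;
    lifetime time 3000 seconds;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
}
"""
# Gateway side, from the posted BEFVP41 settings (1024-bit group = DH group 2).
GATEWAY = {"local_group": "192.168.2.0/255.255.255.0",
           "phase1": ("3des", "sha1", "2", "28800"),
           "phase2": ("3des", "hmac_sha1", "2", "3600")}
KEYS = {"phase1": ("remote", "encryption_algorithm", "hash_algorithm", "dh_group"),
        "phase2": ("sainfo", "encryption_algorithm", "authentication_algorithm", "pfs_group")}

def section(conf, keyword):
    # Assumes nested braces are indented, so a column-0 "}" ends the section.
    m = re.search(rf"^{keyword}\b.*?^\}}", conf, re.S | re.M)
    return m.group(0) if m else ""

def field(text, name):
    m = re.search(rf"\b{name}\s+(?:time\s+)?(\w+)", text)
    return m.group(1) if m else None

def check(conf, gw):
    findings = []
    for phase, (sec, *names) in KEYS.items():
        for name, theirs in zip(names + ["lifetime"], gw[phase]):
            ours = field(section(conf, sec), name)
            if ours != theirs:
                findings.append(f"{phase} {name}: client {ours} != gateway {theirs}")
    # The remote half of sainfo should describe the gateway's Local Secure Group.
    m = re.search(r"^sainfo address \S+ any address (\S+) any", conf, re.M)
    want = ipaddress.ip_network(gw["local_group"])
    if m and ipaddress.ip_network(m.group(1), strict=False) != want:
        findings.append(f"sainfo remote {m.group(1)} != gateway local group {want}")
    return findings
```

Whether a lifetime difference is tolerated depends on the peer and on `proposal_check`; the subnet line is flagged because the posted sainfo names 192.168.2.0/32 while the router's Local Secure Group uses mask 255.255.255.0.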

    #357465
    i3bargon
    Participant

    I forgot to put that I was able to successfully connect using VPT Tracker. That was a demo version. Do any of you know how I can clone the configuration that VPT Tracker used to Vapor Sec?

    Thanks.

    #357505
    i3bargon
    Participant

    Do you see anything wrong with the Vapor Sec settings I posted?

    Thanks for your help!

    #357531
    i3bargon
    Participant

    I made your suggested changes, still not seeing any type of connection on the BEFVP41. I do receive this error in the Mac's /var/log/system.log:

    Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1520:isakmp_setup_socket(): failed to bind (Address already in use).
    Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1604:isakmp_open(): no address could be bound.

    Any more suggestions?

    #357568
    Anonymous
    Participant

    [quote="i3bargon"]I made your suggested changes, still not seeing any type of connection on the BEFVP41. I do receive this error in the Mac's /var/log/system.log:

    Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1520:isakmp_setup_socket(): failed to bind (Address already in use).
    Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1604:isakmp_open(): no address could be bound.
    Any more suggestions?[/quote]

    I have to use a Nortel/Netlock client to connect to work. This client grabs the port at startup and racoon can’t. I have to kill the Netlock client first (sudo /Library/StartupItems/Nleac/Nleac stop). I suspect a Cisco or other client will behave in a similar fashion. Are you running some other client software?
