VaporSec + Watchguard SOHO 6 = need peers_identifier address

This topic contains 2 replies, has 2 voices, and was last updated by  afp548contributor 15 years, 4 months ago.

  • #358024

    Anonymous
    Participant

    Hey all,

    I have a Watchguard SOHO 6tc VPN appliance that uses its private subnet as its identifier (which works out to the client’s remote identifier). So if I don’t want my phase 1 negotiations to fail, I think I need something like this in my client’s racoon.conf:

    peers_identifier address "192.168.0.0/24";

    a) is this possible with racoon?
    b) Will VaporSec have an option for this someday?

    Currently I can do the peer’s address (no good for an ID that’s a subnet) or the peer’s user_fqdn (no good for a subnet-style ID either – I get “ipsecdoi_checkid1(): ID type mismatched” in the logs).

    Alternately, I’d take some advice on how I can get VaporSec to not stomp on my racoon.conf file (again assuming that the ‘address’ ID type to peers_identifier will work with a subnet).

    Any suggestions on all of this?

    Thanks,
    Martin

    #358027

    Anonymous
    Participant

    Hey All,

    Well it looks like Watchguard invented this “IP Subnet” ID type. After some more research it looks like ‘peers_identifier address’ will not accept a subnet as its value. By the way, I just kill -HUP’ed racoon to get it to reread racoon.conf.

    So it looks like VaporSec can’t really touch this issue, it is more of a Racoon/SDP/Whoever issue. I guess I’ll write them an email about this and see if they’re interested in implementing this ID type.

    I hope this helps some other Watchguard user. Of course if you’re reading this and you’ve figured out something I’ve missed, I’d appreciate an email!

    martin [email protected]~_! rubensteintech.com

    -Martin
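
The mismatch described in the posts above, as an added example that is not part of the thread and is not racoon's code: a parser for the ISAKMP Identification payload (RFC 2408 layout, ID type numbers from RFC 2407) and a simplified check against a configured peers_identifier type. The function names, sample payloads and result strings are assumptions made for illustration.

```python
import ipaddress
import struct

# Identification types from the IPsec DOI (RFC 2407, section 4.6.2.1), subset.
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
            4: "ID_IPV4_ADDR_SUBNET"}
# peers_identifier keywords mapped to the wire type each one expects.
CONF_TO_TYPE = {"address": 1, "fqdn": 2, "user_fqdn": 3}


def parse_id_payload(payload: bytes):
    """Parse a decrypted ISAKMP Identification payload into (type, value)."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its 8-byte header")
    _next, _rsvd, length, id_type, _proto, _port = struct.unpack(
        "!BBHBBH", payload[:8])
    if length != len(payload):
        raise ValueError("length field does not match payload size")
    data = payload[8:]
    if id_type == 1 and len(data) == 4:
        return id_type, str(ipaddress.IPv4Address(data))
    if id_type == 4 and len(data) == 8:
        # Subnet IDs carry a 4-byte address followed by a 4-byte netmask.
        addr, mask = ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:])
        return id_type, str(ipaddress.IPv4Network(f"{addr}/{mask}"))
    if id_type in (2, 3):
        return id_type, data.decode("ascii")
    raise ValueError(f"unsupported or malformed ID type {id_type}")


def check_peer_id(payload: bytes, conf_type: str, conf_value: str) -> str:
    """Model of a phase 1 ID check; the result strings are this example's own."""
    id_type, value = parse_id_payload(payload)
    expected = CONF_TO_TYPE[conf_type]
    if id_type != expected:
        return (f"ID type mismatched: peer sent {ID_TYPES[id_type]} "
                f"({value}), config expects {ID_TYPES[expected]}")
    if value != conf_value:
        return f"ID value mismatched: peer sent {value}, config has {conf_value}"
    return "ok"


# Constructed sample payloads: header (next, reserved, length, type, proto, port) + data.
SUBNET_ID = struct.pack("!BBHBBH", 0, 0, 16, 4, 0, 0) + bytes([192, 168, 0, 0, 255, 255, 255, 0])
ADDR_ID = struct.pack("!BBHBBH", 0, 0, 12, 1, 0, 0) + bytes([192, 168, 0, 1])

if __name__ == "__main__":
    for conf in (("address", "192.168.0.0"), ("user_fqdn", "martin@example.com")):
        print(conf, "->", check_peer_id(SUBNET_ID, *conf))
    print(check_peer_id(ADDR_ID, "address", "192.168.0.1"))
```

Both configured types are rejected for the subnet payload because the comparison fails on the type byte before the value is ever looked at.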
