VaporSec + Watchguard SOHO 6 = need peers_identifier address

[Anonymous]

Hey all,

I have a Watchguard SOHO 6tc VPN appliance that uses it’s private subnet as it’s identifier (which works out to the the clients remote identifier). So if I don’t want my phase 1 negotiations to fail, I think I need something like this in my client’s racoon.conf:

peers_identifier address “192.168.0.0/24”;

a) is this possible with racoon?
b) Will VaporSec have an option for this someday?

Currently I can do the peer’s address (no good for an ID that’s a subnet) or the peer’s user_fqdn (no good for a subnet style ID either – I get “ipsecdoi_checkid1(): ID type mismatched” in the logs)

Alternately, I’d take some advice on how I can get VaporSec to not stomp on my racoon.conf file (again assuming that the ‘address’ ID type to peers_identifier will work with a subnet).

Any suggestions on all of this?

Thanks,
Martin

[Anonymous]

Hey All,

Well it looks like Watchguard invented this “IP Subnet” ID type. After some more research it looks like ‘peers_identifier address’ will not accept a subnet as it’s value. By the way, I just kill -HUP’ed racoon to get it to reread racoon.conf.

So it looks like VaporSec can’t really touch this issue, it is more of a Racoon/SDP/Whoever issue. I guess I’ll write them an email about this and see if their interested in implementing this ID type.

I hope this helps some other Watchguard user. Of course if you’re reading this and you’ve figured out something I’ve missed, I’d appreciate an email!

martin !_~@~_! rubensteintech.com

-Martin

[Author]

Posts