Gentoo Forums
Ipsec Host-to-host Linux - Windows
dandy_loco (n00b, Joined: 08 Aug 2007, Posts: 40)

Posted: Thu Jun 26, 2008 11:00 am    Post subject: Ipsec Host-to-host Linux - Windows

Is there a "how-to" about connecting a Linux host to a Windows host through IPsec using a pre-shared key?

I have followed this manual, but I cannot ping between the hosts.
Quote:
http://gentoo-wiki.com/HOWTO_IPSEC

My Settings:

File: /etc/conf.d/racoon
Code:

RACOON_OPTS="-l /var/log/racoon"
RACOON_CONF="/etc/racoon/racoon.conf"
RACOON_PSK_FILE="/etc/racoon/psk.txt"
SETKEY_CONF="/etc/ipsec.conf"
RACOON_RESET_TABLES="true"


File: /etc/ipsec.conf
Code:

#!/usr/sbin/setkey -f

# Flush the SAD and SPD
flush;
spdflush;

# ESP SAs using 192 bit long keys
add 192.168.1.34 192.168.1.1 esp 0x201 -E rijndael-cbc
0x61272157401bf304177fa8ac0c38de4095992d06c0499cf7;
add 192.168.1.1 192.168.1.34 esp 0x301 -E rijndael-cbc
0x49fce5b82ff7acc4d6aded691a0f5f9a65e18861ad4b66bf;

spdadd 192.168.1.34 192.168.1.1 any -P out ipsec
       esp/transport//require;

spdadd 192.168.1.1 192.168.1.34 any -P in ipsec
       esp/transport//require;


File: /etc/racoon/psk.txt
Code:
192.168.1.1 tomate


File: /etc/racoon/racoon.conf
Code:
path pre_shared_key "/etc/racoon/psk.txt" ;
log debug2;

remote 192.168.1.1
{
        exchange_mode aggressive,main,base;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
        generate_policy off;
}

sainfo address 192.168.1.34 any address 192.168.1.1 any
{
        pfs_group 2;
        lifetime time 12 hour ;
        encryption_algorithm 3des, blowfish 448, twofish, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}


Code:

2008-06-26 12:49:57: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2008-06-26 12:49:57: INFO: received Vendor ID: FRAGMENTATION
2008-06-26 12:49:57: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2008-06-26 12:49:57: DEBUG: received unknown Vendor ID
2008-06-26 12:49:57: DEBUG: total SA len=160
2008-06-26 12:49:57: DEBUG:
00000001 00000001 00000098 01010004 03000024 01010000 80010005 80020002
80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010005
80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000
80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024
04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080
2008-06-26 12:49:57: DEBUG: begin.
2008-06-26 12:49:57: DEBUG: seen nptype=2(prop)
2008-06-26 12:49:57: DEBUG: succeed.
2008-06-26 12:49:57: DEBUG: proposal #1 len=152
2008-06-26 12:49:57: DEBUG: begin.
2008-06-26 12:49:57: DEBUG: seen nptype=3(trns)
2008-06-26 12:49:57: DEBUG: seen nptype=3(trns)
2008-06-26 12:49:57: DEBUG: seen nptype=3(trns)
2008-06-26 12:49:57: DEBUG: seen nptype=3(trns)
2008-06-26 12:49:57: DEBUG: succeed.
2008-06-26 12:49:57: DEBUG: transform #1 len=36
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-06-26 12:49:57: DEBUG: encryption(3des)
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2008-06-26 12:49:57: DEBUG: hash(sha1)
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-06-26 12:49:57: DEBUG: hmac(modp1024)
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: transform #2 len=36
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-06-26 12:49:57: DEBUG: encryption(3des)
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-06-26 12:49:57: DEBUG: hash(md5)
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-06-26 12:49:57: DEBUG: hmac(modp1024)
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: transform #3 len=36
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2008-06-26 12:49:57: DEBUG: encryption(des)
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2008-06-26 12:49:57: DEBUG: hash(sha1)
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2008-06-26 12:49:57: DEBUG: hmac(modp768)
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: transform #4 len=36
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2008-06-26 12:49:57: DEBUG: encryption(des)
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-06-26 12:49:57: DEBUG: hash(md5)
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2008-06-26 12:49:57: DEBUG: hmac(modp768)
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: pair 1:
2008-06-26 12:49:57: DEBUG:  0x80c2340: next=(nil) tnext=0x80bc6e8
2008-06-26 12:49:57: DEBUG:   0x80bc6e8: next=(nil) tnext=0x80bcd90
2008-06-26 12:49:57: DEBUG:    0x80bcd90: next=(nil) tnext=0x80bf268
2008-06-26 12:49:57: DEBUG:     0x80bf268: next=(nil) tnext=(nil)
2008-06-26 12:49:57: DEBUG: proposal #1: 4 transform
2008-06-26 12:49:57: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2008-06-26 12:49:57: DEBUG: trns#=1, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: Compared: DB:Peer
2008-06-26 12:49:57: DEBUG: (lifetime = 86400:28800)
2008-06-26 12:49:57: DEBUG: (lifebyte = 0:0)
2008-06-26 12:49:57: DEBUG: enctype = DES-CBC:3DES-CBC
2008-06-26 12:49:57: DEBUG: (encklen = 0:0)
2008-06-26 12:49:57: DEBUG: hashtype = MD5:SHA
2008-06-26 12:49:57: DEBUG: authmethod = pre-shared key:pre-shared key
2008-06-26 12:49:57: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2008-06-26 12:49:57: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2008-06-26 12:49:57: DEBUG: trns#=2, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: Compared: DB:Peer
2008-06-26 12:49:57: DEBUG: (lifetime = 86400:28800)
2008-06-26 12:49:57: DEBUG: (lifebyte = 0:0)
2008-06-26 12:49:57: DEBUG: enctype = DES-CBC:3DES-CBC
2008-06-26 12:49:57: DEBUG: (encklen = 0:0)
2008-06-26 12:49:57: DEBUG: hashtype = MD5:MD5
2008-06-26 12:49:57: DEBUG: authmethod = pre-shared key:pre-shared key
2008-06-26 12:49:57: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2008-06-26 12:49:57: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2008-06-26 12:49:57: DEBUG: trns#=3, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2008-06-26 12:49:57: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:49:57: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:49:57: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:49:57: DEBUG: Compared: DB:Peer
2008-06-26 12:49:57: DEBUG: (lifetime = 86400:28800)
2008-06-26 12:49:57: DEBUG: (lifebyte = 0:0)
2008-06-26 12:49:57: DEBUG: enctype = DES-CBC:DES-CBC
....
....
2008-06-26 12:50:27: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:50:27: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:50:27: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
2008-06-26 12:50:27: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:768-bit MODP group
2008-06-26 12:50:27: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2008-06-26 12:50:27: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-06-26 12:50:27: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2008-06-26 12:50:27: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-06-26 12:50:27: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-06-26 12:50:27: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2008-06-26 12:50:27: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:768-bit MODP group
2008-06-26 12:50:27: ERROR: no suitable proposal found.
2008-06-26 12:50:27: ERROR: failed to get valid proposal.
2008-06-26 12:50:27: ERROR: failed to process packet.

Thanks
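An added diagnostic script, not from the post or the racoon project: it reads the phase 1 transforms the Windows peer offered out of a racoon debug2 log like the one above and compares each one with the local proposal from racoon.conf, reproducing the "rejected hashtype" / "rejected dh_group" verdicts that racoon prints. The function names, the NAMES/ATTRS tables and the trimmed sample log are my own constructions.

```python
import re

# Constructed excerpt modelled on the racoon debug2 log in the post: the four
# phase 1 transforms Windows offered (Authentication/Life lines omitted).
SAMPLE_LOG = """\
2008-06-26 12:49:57: DEBUG: trns#=1, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-06-26 12:49:57: DEBUG: trns#=2, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-06-26 12:49:57: DEBUG: trns#=3, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2008-06-26 12:49:57: DEBUG: trns#=4, trns-id=IKE
2008-06-26 12:49:57: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2008-06-26 12:49:57: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-06-26 12:49:57: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
"""

# racoon.conf proposal keywords -> the names racoon prints for peer attributes.
NAMES = {"des": "DES-CBC", "3des": "3DES-CBC", "md5": "MD5", "sha1": "SHA",
         1: "768-bit MODP group", 2: "1024-bit MODP group"}
ATTRS = {"Encryption Algorithm": "enc", "Hash Algorithm": "hash", "Group Description": "dh"}

def parse_peer_transforms(log):
    """Return {trns#: {'enc': ..., 'hash': ..., 'dh': ...}} from racoon debug lines."""
    transforms, current = {}, None
    for line in log.splitlines():
        if m := re.search(r"trns#=(\d+), trns-id=IKE", line):
            current = transforms.setdefault(int(m.group(1)), {})
        elif (m := re.search(r"type=([^,]+), .*lorv=(.+)$", line)) and current is not None:
            if m.group(1) in ATTRS:
                current[ATTRS[m.group(1)]] = m.group(2).strip()
    return transforms

def match_proposal(log, encryption_algorithm, hash_algorithm, dh_group):
    """Like racoon's phase 1 check: (matching trns#s, {trns#: rejected attributes})."""
    local = {"enc": NAMES[encryption_algorithm], "hash": NAMES[hash_algorithm], "dh": NAMES[dh_group]}
    matched, rejected = [], {}
    for num, peer in sorted(parse_peer_transforms(log).items()):
        bad = [k for k in ("enc", "hash", "dh") if peer.get(k) != local[k]]
        if bad:
            rejected[num] = bad
        else:
            matched.append(num)
    return matched, rejected
```

With the poster's proposal (des, md5, dh_group 2) no Windows transform matches, because Windows only pairs DES with the 768-bit group; with encryption_algorithm 3des the second transform (3DES-CBC, MD5, 1024-bit MODP) matches.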
dandy_loco (n00b, Joined: 08 Aug 2007, Posts: 40)

Posted: Thu Jun 26, 2008 10:31 pm

Quote:
Is there a "how-to" about connect a Linux host to a Windows host through IPSec using a pre shared key?

Has nobody tried this?