Здравствуйте.
Помогите разобраться с настройкой VPN
Не ходят даже пинги.
Есть Dlink DI-804HV прошивка 1.45
На другой стороне FreeBSD 6.2 (ipsec + racoon).
racoon.conf:
# Directory searched for files referenced by "include" statements.
path include "/usr/local/etc/racoon";
# File holding the IKE pre-shared keys (the tunnel secret, in clear text).
# NOTE(review): racoon expects this file to be owned by the user it runs as
# and not accessible by group/other (mode 0600); with looser permissions it
# refuses the file and phase 1 fails. Confirm with ls -l.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
# Padding options.
padding
{
maximum_length 20; # maximum padding length.
randomize off; # randomized padding length: disabled here.
strict_check off; # strict check of padding: disabled here.
exclusive_tail off; # extract last one octet.
}
# Addresses racoon binds to for IKE.
listen
{
# IKE (ISAKMP) is served only on this address, UDP port 500
# (the address is redacted by the poster).
# NOTE(review): the packet filter on this host has to pass UDP/500 and
# ESP (IP protocol 50) between the two tunnel endpoints; limiting those
# rules to the peer's address keeps IKE off the open internet — confirm.
# NOTE(review): no NAT-T listener is declared here; if either end sits
# behind NAT this needs checking.
isakmp XXX.XXX.XXX.XXX [500];
}
# Retransmission and negotiation timeouts.
timer
{
# These values can be changed per remote node.
counter 5; # maximum number of times a packet is sent.
interval 20 sec; # maximum interval between resends.
persend 1; # the number of packets per send.
# maximum time to wait for completing each phase.
phase1 30 sec;
phase2 15 sec;
}
# Phase 1 (IKE) settings. "anonymous" applies this section to every peer
# address that has no remote section of its own.
# NOTE(review): if the D-Link has a fixed address, a "remote <peer address>"
# section limits which hosts can negotiate against these parameters.
remote anonymous
{
# Accepted exchange modes; the first one listed (aggressive) is what racoon
# uses when it initiates, and both are accepted when it responds.
# NOTE(review): with a pre-shared key, aggressive mode sends the identities
# unencrypted together with a hash derived from the key, so anyone who can
# observe the exchange can test key guesses offline. Prefer main mode if the
# DI-804HV supports it for this tunnel; otherwise the key must be long and
# random.
exchange_mode aggressive,main;
doi ipsec_doi;
situation identity_only;
# Both identifiers carry the same (redacted) user_fqdn value.
# NOTE(review): confirm that each end sends the ID the other end expects and
# that psk.txt has an entry under the identifier the peer presents. In main
# mode with a pre-shared key the key is presumably looked up by peer address
# rather than by ID — verify against racoon.conf(5).
my_identifier user_fqdn "admin@xxx.ru";
peers_identifier user_fqdn "admin@xxx.ru";
nonce_size 16;
lifetime time 3600 sec; # phase 1 SA lifetime: one hour.
initial_contact on;
support_mip6 on;
# "obey": as responder, racoon accepts the initiator's proposed values.
# NOTE(review): per racoon.conf(5) this covers the lifetime, key length and
# PFS checks; "strict" or "claim" keep the peer from negotiating values weaker
# than the ones configured here — confirm before changing.
proposal_check obey;
proposal {
# NOTE(review): 3des is a legacy cipher; use AES if the D-Link firmware
# offers it — confirm.
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
# NOTE(review): group 1 is the 768-bit MODP group, generally considered too
# weak today. Use the strongest group both ends support (dh_group 2 or
# higher); the value must match the D-Link side.
dh_group 1;
}
}
# Phase 2 (IPsec SA) parameters; "anonymous" applies them to any pair of
# networks that has no sainfo section of its own. Each value has to match what
# is configured on the D-Link, otherwise phase 2 does not complete.
sainfo anonymous
{
# PFS using DH group 1 (768-bit MODP).
# NOTE(review): weak group; raise it together with the phase 1 dh_group if
# the peer supports a larger one.
pfs_group 1;
lifetime time 3600 sec; # IPsec SA lifetime: one hour.
encryption_algorithm 3des;
# NOTE(review): hmac_md5 is a legacy choice; hmac_sha1 is the usual minimum
# if both ends support it — confirm.
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
Вывод команды setkey -DP:
192.168.101.0/24[any] 192.168.100.0/24[any] any
in ipsec
esp/tunnel/YYY.YYY.YYY.YYY-XXX.XXX.XXX.XXX/require
created: Oct 5 16:23:59 2007 lastused: Oct 5 16:23:59 2007
lifetime: 0(s) validtime: 0(s)
spid=16404 seq=1 pid=4365
refcnt=1
192.168.100.0/24[any] 192.168.101.0/24[any] any
out ipsec
esp/tunnel/XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY/require
created: Oct 5 16:23:59 2007 lastused: Oct 5 16:26:55 2007
lifetime: 0(s) validtime: 0(s)
spid=16403 seq=0 pid=4365
refcnt=1
netstat -rn | grep gif0
192.168.101 192.168.101.28 UGS 0 43 gif0
192.168.101.28 192.168.100.28 UH 1 113 gif0