[Hampshire] vpn woes

Author: Wayne Lee
Date:  
To: hampshire
Subject: [Hampshire] vpn woes
Hello

I'm having some trouble with an IPsec VPN on Debian with dynamic clients;
I have static IP clients working with PSKs fine. Hopefully somebody can
point me in the right direction.


Racoon config

remote anonymous {
        exchange_mode main;
##      doi ipsec_doi ;
##      situation identity_only ;
##      lifetime time 1 hour ;
        generate_policy on;
        passive on;
        # certificate and private key, relative to racoon's certs directory
        certificate_type x509 "vpngateway_cert.pem" "vpngateway_key.pem";
        verify_cert on;
        # asn1dn: the identity is the certificate subject DN; "address asn1dn"
        # and "fqdn asn1dn" are not valid racoon identifier forms
        my_identifier asn1dn;
        peers_identifier asn1dn;
        verify_identifier on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group modp1024;
        }
        proposal_check obey;
}


sainfo anonymous {
        pfs_group modp1024;
        lifetime time 1 hour ;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}


I have created a cert for the client, which is a Zyxel router, but no
dice. The error I'm seeing in the racoon logs is


Nov 20 15:36:50 localhost racoon: INFO: respond new phase 1 negotiation:
82.144.*.*[500]<=>84.64.*.*[500]
Nov 20 15:36:50 localhost racoon: INFO: begin Identity Protection mode.
Nov 20 15:36:50 localhost racoon: ERROR: rejected authmethod:
DB(prop#1:trns#1):Peer(prop#1:trns#1) = pre-shared key:RSA signatures


I can get it to work without problems if the client IP address is static. I
have read a number of how-tos but I cannot seem to get it to work;
the certs I created are in the racoon/certs directory and the cert for
the Zyxel client had its request signed by my CA. The VPN server is Debian
Etch.

Searching Google for the racoon error message has not provided a great
deal.

Regards

Wayne
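The three racoon lines quoted above carry the whole diagnosis: the "rejected authmethod" line prints the phase 1 authentication method from racoon's own database (the remote{} block it selected) and the method the peer proposed, side by side. The following script, added here as an example and not part of Wayne's post or of racoon, parses those lines, pairs the rejection with the "respond new phase 1 negotiation" line that names the peer, and reports the mismatch. The sample log is constructed from the post with the IPs masked as posted; the regex reads the "DB(...):Peer(...) = A:B" layout positionally (A is the DB side, B the peer side), and the assumption that racoon uses the same layout for other phase 1 attributes is noted in the code.

```python
import re

# Constructed sample input: the three racoon syslog lines quoted in the post.
SAMPLE_LOG = [
    "Nov 20 15:36:50 localhost racoon: INFO: respond new phase 1 negotiation: "
    "82.144.*.*[500]<=>84.64.*.*[500]",
    "Nov 20 15:36:50 localhost racoon: INFO: begin Identity Protection mode.",
    "Nov 20 15:36:50 localhost racoon: ERROR: rejected authmethod: "
    "DB(prop#1:trns#1):Peer(prop#1:trns#1) = pre-shared key:RSA signatures",
]

# "respond new phase 1 negotiation: <local>[port]<=><remote>[port]"
PHASE1_RE = re.compile(
    r"respond new phase 1 negotiation: "
    r"(?P<local>[^\[\s]+)\[(?P<lport>\d+)\]<=>(?P<remote>[^\[\s]+)\[(?P<rport>\d+)\]"
)

# "rejected <attr>: DB(prop#a:trns#b):Peer(prop#c:trns#d) = <db value>:<peer value>"
# The authmethod form is the one in the post; matching other attributes
# (enctype, hashtype, dh_group) with the same layout is an assumption.
REJECT_RE = re.compile(
    r"rejected (?P<attr>\w+): "
    r"DB\(prop#(?P<db_prop>\d+):trns#(?P<db_trns>\d+)\):"
    r"Peer\(prop#(?P<peer_prop>\d+):trns#(?P<peer_trns>\d+)\) = "
    r"(?P<db_value>[^:]+):(?P<peer_value>.+)$"
)


def advice_for(attr, configured, proposed):
    """Plain-language explanation of a phase 1 proposal rejection."""
    if attr == "authmethod":
        return (
            f"Phase 1 authentication mismatch: the remote{{}} block racoon selected "
            f"for this peer expects '{configured}' but the peer offered '{proposed}'. "
            f"Both ends must use the same authentication_method (pre_shared_key or "
            f"rsasig); with dynamic clients also confirm which remote{{}} block "
            f"racoon actually matched for the peer."
        )
    return f"Phase 1 {attr} mismatch: configured '{configured}', peer proposed '{proposed}'."


def parse_racoon_log(lines):
    """Walk racoon log lines in order and pair each phase 1 rejection with the
    most recent 'respond new phase 1 negotiation' line, which names the peer."""
    findings = []
    current_peer = None
    for line in lines:
        m = PHASE1_RE.search(line)
        if m:
            current_peer = {
                "local": m["local"],
                "remote": m["remote"],
                "remote_port": int(m["rport"]),
            }
            continue
        m = REJECT_RE.search(line)
        if m:
            configured = m["db_value"].strip()   # DB side: racoon's own proposal
            proposed = m["peer_value"].strip()   # Peer side: what the client sent
            findings.append({
                "attribute": m["attr"],
                "configured": configured,
                "proposed": proposed,
                "db_transform": (int(m["db_prop"]), int(m["db_trns"])),
                "peer_transform": (int(m["peer_prop"]), int(m["peer_trns"])),
                "peer": current_peer,
                "advice": advice_for(m["attr"], configured, proposed),
            })
    return findings


if __name__ == "__main__":
    for f in parse_racoon_log(SAMPLE_LOG):
        peer = f["peer"] or {}
        print(f"peer {peer.get('remote', '?')} -> {f['attribute']}: "
              f"DB={f['configured']!r} Peer={f['proposed']!r}")
        print("  " + f["advice"])
```

Run against the posted lines it reports one finding for peer 84.64.*.*: the DB side carries "pre-shared key" and the peer side "RSA signatures", so the two ends disagree on the phase 1 authentication method and the gateway rejects the proposal before any certificate is examined. Feeding the script a larger racoon log lets you see, per peer, whether a rejection is an authentication, cipher, hash or DH-group mismatch.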