Good afternoon.
Purely for educational purposes, I am trying to set up an IPsec tunnel
between the machines 172.18.18.102 and 172.18.18.206. Here are the configs from machine 172.18.18.102.

# file for pre-shared keys used for IKE authentication
# format is: 'identifier' 'key'
# For example:
#
# 10.1.1.1 flibbertigibbet
# www.example.com 12345
# foo@www.example.com micropachycephalosaurus
172.18.18.206 pass12345

# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";
log debug;
remote 172.18.18.206
{
exchange_mode aggressive,main,base;
lifetime time 24 hour;
proposal
{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo address 172.18.18.102 any address 172.18.18.206 any
{
pfs_group 2;
lifetime time 12 hour ;
encryption_algorithm 3des, blowfish 448l ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}

Machine 172.18.18.206 has a similar config, only with the addresses reversed.
The tunnel does not work.
Here is a piece of the log. What could be the problem?

racoon: INFO: isakmp.c:1048:isakmp_ph2begin_r(): respond new phase 2 negotiation: 172.18.18.102[0]<=>172.18.18.206[0]
racoon: ERROR: pfkey.c:209:pfkey_handler(): pfkey UPDATE failed: No buffer space available
racoon: ERROR: pfkey.c:209:pfkey_handler(): pfkey ADD failed: No buffer space available
racoon: INFO: pfkey.c:1389:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel 172.18.18.206->172.18.18.102 spi=1043980(0xfee0c)
racoon: WARNING: pfkey.c:1417:pk_recvexpire(): the expire message is received but the handler has not been established.
racoon: ERROR: pfkey.c:740:pfkey_timeover(): 172.18.18.206 give up to get IPsec-SA due to time up to wait.
racoon: INFO: isakmp.c:1048:isakmp_ph2begin_r(): respond new phase 2 negotiation: 172.18.18.102[0]<=>172.18.18.206[0]
racoon: ERROR: pfkey.c:209:pfkey_handler(): pfkey UPDATE failed: No buffer space available
racoon: ERROR: pfkey.c:209:pfkey_handler(): pfkey ADD failed: No buffer space available
racoon: INFO: pfkey.c:1389:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel 172.18.18.206->172.18.18.102 spi=211126392(0xc958878)
racoon: WARNING: pfkey.c:1417:pk_recvexpire(): the expire message is received but the handler has not been established.
racoon: ERROR: pfkey.c:740:pfkey_timeover(): 172.18.18.206 give up to get IPsec-SA due to time up to wait.
racoon: INFO: isakmp.c:1048:isakmp_ph2begin_r(): respond new phase 2 negotiation: 172.18.18.102[0]<=>172.18.18.206[0]
racoon: ERROR: pfkey.c:209:pfkey_handler(): pfkey UPDATE failed: No buffer space available
racoon: ERROR: pfkey.c:209:pfkey_handler(): pfkey ADD failed: No buffer space available