Здравствуйте, помогите поднять VPN-туннель. Нужно соединить две сети: внешние IP XXX.XXX.XXX.XXX и YYY.YYY.YYY.YYY, локальные 172.30.2.1 и 85.AAA.AAA.AAA соответственно. При запуске racoon имеем следующий лог:
racoon -F -v -d -f /etc/racoon/racoon.conf -l /var/log/racoon.log
Foreground mode.
2010-10-09 16:48:07: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)
2010-10-09 16:48:07: INFO: @(#)This product linked OpenSSL 0.9.8h 28 May 2008 (http://www.openssl.org/)
2010-10-09 16:48:07: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2010-10-09 16:48:07: DEBUG: call pfkey_send_register for AH
2010-10-09 16:48:07: DEBUG: call pfkey_send_register for ESP
2010-10-09 16:48:07: DEBUG: call pfkey_send_register for IPCOMP
2010-10-09 16:48:07: INFO: Resize address pool from 0 to 255
2010-10-09 16:48:07: DEBUG: reading config file /etc/racoon/racoon.conf
2010-10-09 16:48:07: DEBUG2: lifetime = 28800
2010-10-09 16:48:07: DEBUG2: lifebyte = 0
2010-10-09 16:48:07: DEBUG2: encklen=0
2010-10-09 16:48:07: DEBUG2: p:1 t:1
2010-10-09 16:48:07: DEBUG2: 3DES-CBC(5)
2010-10-09 16:48:07: DEBUG2: SHA(2)
2010-10-09 16:48:07: DEBUG2: 1024-bit MODP group(2)
2010-10-09 16:48:07: DEBUG2: pre-shared key(1)
2010-10-09 16:48:07: DEBUG2:
2010-10-09 16:48:07: DEBUG: hmac(modp1024)
2010-10-09 16:48:07: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2010-10-09 16:48:07: DEBUG: getsainfo params: loc='172.30.2.1', rmt='85.9.aaa.aaa', peer='NULL', id=0
2010-10-09 16:48:07: DEBUG: getsainfo pass #2
2010-10-09 16:48:07: DEBUG2: parse successed.
2010-10-09 16:48:07: DEBUG: open /var/run/racoon/racoon.sock as racoon management.
2010-10-09 16:48:07: INFO: XXX.XXX.XXX.XXX[500] used as isakmp port (fd=5)
2010-10-09 16:48:07: INFO: XXX.XXX.XXX.XXX[500] used for NAT-T
2010-10-09 16:48:07: DEBUG: pk_recv: retry[0] recv()
2010-10-09 16:48:07: DEBUG: get pfkey X_SPDDUMP message
2010-10-09 16:48:07: DEBUG2:
02120000 1c000100 01000000 34470000 03000500 ff200000 02000000 ac1e0201
00000000 00000000 03000600 ff200000 02000000 550981dc 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 705bb04c 00000000 00000000 00000000
08001200 02000200 d9090000 00000080 30003200 02020000 00000000 00000000
02000000 3e982315 00000000 00000000 02000000 55098015 00000000 00000000
2010-10-09 16:48:07: DEBUG: pk_recv: retry[0] recv()
2010-10-09 16:48:07: DEBUG: get pfkey X_SPDDUMP message
2010-10-09 16:48:07: DEBUG2:
02120000 1c000100 02000000 34470000 03000500 ff200000 02000000 550981dc
00000000 00000000 03000600 ff200000 02000000 ac1e0201 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 705bb04c 00000000 00000000 00000000
08001200 02000100 e0090000 00000080 30003200 02020000 00000000 00000000
02000000 55098015 00000000 00000000 02000000 3e982315 00000000 00000000
2010-10-09 16:48:07: DEBUG: sub:0xbfad99e0: 85.9.aaa.aaa/32[0] 172.30.2.1/32[0] proto=any dir=in
2010-10-09 16:48:07: DEBUG: db :0x80e87e0: 172.30.2.1/32[0] 85.9.aaa.aaa/32[0] proto=any dir=out
2010-10-09 16:48:07: DEBUG: pk_recv: retry[0] recv()
2010-10-09 16:48:07: DEBUG: get pfkey X_SPDDUMP message
2010-10-09 16:48:07: DEBUG2:
02120000 1c000100 00000000 34470000 03000500 ff200000 02000000 550981dc
00000000 00000000 03000600 ff200000 02000000 ac1e0201 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 705bb04c 00000000 00000000 00000000
08001200 02000300 ea090000 00000080 30003200 02020000 00000000 00000000
02000000 55098015 00000000 00000000 02000000 3e982315 00000000 00000000
2010-10-09 16:48:07: DEBUG: sub:0xbfad99e0: 85.AAA.AAA.AAA/32[0] 172.30.2.1/32[0] proto=any dir=fwd
2010-10-09 16:48:07: DEBUG: db :0x80e87e0: 172.30.2.1/32[0] 85.AAA.AAA.AAA/32[0] proto=any dir=out
2010-10-09 16:48:07: DEBUG: sub:0xbfad99e0: 85.AAA.AAA.AAA/32[0] 172.30.2.1/32[0] proto=any dir=fwd
2010-10-09 16:48:07: DEBUG: db :0x80e8a28: 85.AAA.AAA.AAA/32[0] 172.30.2.1/32[0] proto=any dir=in
На этом вывод останавливается. (Похоже, это не зависание: в режиме -F racoon остаётся в foreground и просто ждёт — фаза 1 начнётся только когда появится пакет, подпадающий под политику SPD, например ping с 172.30.2.1 на 85.AAA.AAA.AAA, либо когда инициирует удалённая сторона. Кроме того, в hex-дампах pfkey выше поля sockaddr содержат незамаскированные байты адресов — их тоже стоит скрыть перед публикацией.) При нажатии CTRL+C имеем:
^C2010-10-09 16:48:12: INFO: caught signal 2
2010-10-09 16:48:12: DEBUG: pk_recv: retry[0] recv()
2010-10-09 16:48:12: DEBUG: get pfkey FLUSH message
2010-10-09 16:48:12: DEBUG2:
02090000 02000100 00000000 34470000
2010-10-09 16:48:12: DEBUG2: flushing all ph2 handlers...
2010-10-09 16:48:13: DEBUG: call pfkey_send_dump
2010-10-09 16:48:13: DEBUG: pk_recv: retry[0] recv()
2010-10-09 16:48:13: INFO: racoon shutdown
Вот мой Racoon.conf
# "path" affects "include" directives. "path" must be specified before any
# "include" directive with relative file path.
# you can overwrite "path" directive afterwards, however, doing so may add
# more confusion.
path include "/etc/racoon";
#include "remote.conf";
# the file should contain key ID/key pairs, for pre-shared key authentication.
# The peer's PSK is looked up by its identifier (peers_identifier in the
# remote block below), so the entry must be keyed by YYY.YYY.YYY.YYY.
# Keep this file owned by root with mode 0600: it holds the shared secret,
# and racoon's file-permission check rejects a PSK file readable by others.
path pre_shared_key "/etc/racoon/psk.txt";
# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
# path certificate "/etc/cert";
# "log" specifies logging level. It is followed by either "notify", "debug"
# or "debug2".
# NOTE: "debug" writes every negotiation detail (identities, proposals, raw
# pfkey dumps with unmasked addresses) to the file given with -l; switch back
# to "notify" once the tunnel works so the log is not a long-lived record.
log debug;
#log notify;
# "padding" defines some padding parameters. You should not touch these.
# ISAKMP payload padding handling; these are the stock racoon.conf values.
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
# Bind the ISAKMP socket only on the external address, UDP port 500 (the log
# confirms this is the address racoon listens on). If either gateway ever
# sits behind NAT, an "isakmp_natt XXX.XXX.XXX.XXX [4500];" line would be
# needed here as well.
listen
{
isakmp XXX.XXX.XXX.XXX [500];
}
# Retransmission and per-phase timeouts; these are the stock defaults.
timer
{
# These values can be changed per remote node.
counter 5; # maximum number of times a message is resent before giving up.
interval 20 sec; # maximum interval between resends.
persend 1; # the number of packets per send.
# maximum time to wait for completing each phase.
phase1 30 sec;
phase2 15 sec;
}
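# Phase 1 (IKE/ISAKMP) parameters for the peer gateway YYY.YYY.YYY.YYY.
remote YYY.YYY.YYY.YYY
{
# Main mode only. Aggressive mode with a pre-shared key sends the identity
# and the PSK-derived hash before the exchange is encrypted, so a passive
# observer can brute-force the PSK offline. Both gateways have fixed public
# addresses, so main mode works and aggressive mode is not needed.
exchange_mode main;
doi ipsec_doi;
situation identity_only;
# Identities are the public addresses of the two gateways.
my_identifier address XXX.XXX.XXX.XXX;
peers_identifier address YYY.YYY.YYY.YYY;
# Check that the ID payload the peer sends matches peers_identifier above;
# without this the value is only used to pick the PSK. Assumes the peer
# sends an address-type ID (the usual default); turn this off only if the
# peer is configured to send an FQDN or another ID type.
verify_identifier on;
nonce_size 16;
initial_contact on;
# "obey" takes the SA lifetime proposed by the peer; "strict" or "claim"
# would enforce ours. Left as is for interoperability with the peer.
proposal_check obey; # obey, strict, or claim
# Must match the peer's phase 1 proposal exactly. 3DES, SHA-1 and 1024-bit
# MODP (group 2) are legacy choices; prefer AES, SHA-2 and group 14 or
# higher if the peer supports them.
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}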
# Phase 2 (IPsec SA) parameters for the host pair selected by the SPD entries
# in setkey.conf. The selector is two /32 addresses, so only traffic between
# exactly 172.30.2.1 and 85.AAA.AAA.AAA matches; to join two networks the
# selector (and the SPD policies) must name the subnets instead.
sainfo address 172.30.2.1[any] any address 85.AAA.AAA.AAA[any] any
{
# PFS with DH group 2 (1024-bit MODP); the peer must offer the same group.
pfs_group 2;
# Must match the peer's phase 2 proposal. 3DES/HMAC-SHA1 are legacy choices;
# prefer AES and SHA-2 where the peer supports them.
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
# IPCOMP/deflate. The debug log only says the kernel's SADB register reply
# does not let racoon verify support for it; drop this line if the peer does
# not negotiate compression.
compression_algorithm deflate;
}
Setkey.conf
# First of all flush the SPD database
# NOTE: "flush" discards every existing SA (not only the SPD), so each run of
# this file tears down any tunnel that is currently up.
flush;
spdflush;
# Add some SPD rules
# Very likely you'll want to replace these rules with your own ones
# Host-to-host selectors (/32): only packets between exactly 172.30.2.1 and
# 85.AAA.AAA.AAA are protected. For a network-to-network tunnel the local and
# remote subnets have to appear here (and in racoon's sainfo) instead.
# racoon does not start IKE on its own: phase 1 is triggered when the kernel
# sees outbound traffic matching the "out" policy below (or when the peer
# initiates), so an idle racoon right after startup is expected.
# Outbound: 172.30.2.1 -> 85.AAA.AAA.AAA, ESP in tunnel mode between the two
# gateway addresses; "require" means such traffic is never sent in the clear.
spdadd 172.30.2.1/32 85.AAA.AAA.AAA/32 any -P out ipsec
esp/tunnel/XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY/require;
# Inbound mirror of the policy above; "require" drops matching packets that
# arrive without ESP protection.
spdadd 85.AAA.AAA.AAA/32 172.30.2.1/32 any -P in ipsec
esp/tunnel/YYY.YYY.YYY.YYY-XXX.XXX.XXX.XXX/require;