IPSec + L2TP + certifikat, racoon, android

Zdravim

Nemate nekdo rozfungovano IPSec/L2TP s cerfikaty pres racoon server s pripojenim z mobilu ?

Pokousim se o to uz marne par dni. S PSK mi to funguje bez problemu ale s certifikaty to hlasi chyby a nikde se mi nepovedlo najit co to ma znamenat. Kdyz zkusim pripojeni z Win7 tak to slape i s certifikatem - ale ty opravdu pouzivat nebudu :-)

Zkousel jsem i pridat do firewallu a take bez vysledku

iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Racoon server jsem zkousel verze 0.7.3 i 0.8.0.

Chyba z logu:

racoon: INFO: ISAKMP-SA established X.X.X.X[4500]-X.X.X.X[4500] spi:960ff4f1a63f715c:677aa468dadc78a6                    
racoon: ERROR: ignore information because the message is too short - 76 byte(s).                                                       
racoon: NOTIFY: the packet is retransmitted by X.X.X.X[4500] (1).  
racoon: NOTIFY: the packet is retransmitted by X.X.X.X[4500] (1).  
racoon: NOTIFY: the packet is retransmitted by X.X.X.X[4500] (1).

racoon.conf

remote anonymous {                                                              
        exchange_mode main;                                                     
        nat_traversal on;                                                       
        generate_policy on;                                                     
        proposal_check obey;                                                    
        verify_cert on;                                                         
        ike_frag on;                                                            
        ca_type x509 "cacert.pem";                                              
        certificate_type x509 "ipsec_cert.pem" "ipsec_key.pem";       

        proposal {                                                              
                encryption_algorithm 3des;                                      
                hash_algorithm md5;                                             
                authentication_method rsasig;                                   
                dh_group modp1024;                                              
        }             
sainfo anonymous {                                                              
        lifetime time 14400 sec;                                                
        encryption_algorithm aes, 3des;                                        
        authentication_algorithm hmac_sha1;                           
        compression_algorithm deflate;                                          
}

Diky moc za pripadne postrceni spravnym smerem

Dotaz: IPSec + L2TP + certifikat, racoon, android

Odpovědi