All pastes #2098168 Raw Edit

dr-yay

public text v1 · immutable
#2098168 ·published 2012-01-02 13:52 UTC
rendered paste body
Вот какая проблема при попытке проложить туннель через IPSEC между dlink DI-808HV и racoon на центось5:

#grep racoon /var/log/messages | tail
Mar 17 10:26:45 router racoon: INFO: respond new phase 1 negotiation: 192.168.1.254[500]<=>192.168.1.201[500] 
Mar 17 10:26:45 router racoon: INFO: begin Aggressive mode. 
Mar 17 10:26:45 router racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03 
Mar 17 10:26:45 router racoon: WARNING: SPI size isn't zero, but IKE proposal. 
Mar 17 10:26:45 router racoon: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = MD5:SHA 
Mar 17 10:26:45 router racoon: ERROR: no suitable proposal found. 
Mar 17 10:26:45 router racoon: ERROR: failed to get valid proposal. 
Mar 17 10:26:45 router racoon: ERROR: failed to process packet. 

а вот что в логах у длинка:
Send IKE A1(AINIT) : 192.168.1.201 --> 192.168.1.254
IKED re-TX : AINIT to 192.168.1.254
IKED re-TX : AINIT to 192.168.1.254
IKED re-TX : AINIT to 192.168.1.254
IKED re-TX : AINIT to 192.168.1.254
IKE phase1 (ISAKMP SA) remova 192.168.1.201 <-> 192.168.1.254