Error messages when setting up a VPN - Linux

I recently set up an L2TP IPsec VPN.
The server configuration file is as follows:

#---------------------------------------------------------#

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

remote anonymous {
    exchange_mode main;
    generate_policy on;
    certificate_type x509 "server.pem" "server.key";
    verify_cert on;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    proposal {
        authentication_method rsasig;
        hash_algorithm sha1;
        encryption_algorithm 3des;
        dh_group modp1024;
        lifetime time 1 hours;
    }
}

sainfo anonymous {
    lifetime time 1 hours;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

#---------------------------------------------------------#

However, when a connection is established, the following error messages appear in the log file:

#<<<<<<<<<<<<<<<<<<<<<<< Error messages >>>>>>>>>>>>>>>>>>>>>>>>#

racoon: ERROR: invalid DH group 20.
racoon: ERROR: invalid DH group 19.
racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
racoon: ERROR: no suitable proposal found.
racoon: ERROR: failed to get valid proposal.
racoon: ERROR: failed to process packet.

#<<<<<<<<<<<<<<<<<<<<<<< Error messages >>>>>>>>>>>>>>>>>>>>>>>>#

It looks like a problem with the dh_group parameter.

But no matter what value I change it to, a similar problem occurs.

How can I solve this???






--
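An added example, not part of the original post: a small Python parser for the racoon errors quoted above. It lists the DH groups racoon logged as invalid and, for each rejected transform, the local and peer groups with the matching `dh_group` keyword. The group numbers follow the IANA IKE assignments; the description strings for groups other than the two shown in the log are assumed to use the same wording, and `analyze` is a name chosen for this example.

```python
import re

# IANA IKE group numbers -> MODP size; the racoon.conf keyword is "modp<bits>".
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096, 17: 6144, 18: 8192}
# ECP groups, which the racoon log on this page reports as invalid.
ECP_BITS = {19: 256, 20: 384}
# Assumption: description strings follow the wording seen in the log.
DESCRIPTIONS = {n: f"{b}-bit MODP group" for n, b in MODP_BITS.items()}
DESCRIPTIONS.update({n: f"{b}-bit ECP group" for n, b in ECP_BITS.items()})
KEYWORDS = {f"{b}-bit MODP group": f"modp{b}" for b in MODP_BITS.values()}

INVALID_RE = re.compile(r"ERROR: invalid DH group (\d+)\.")
REJECT_RE = re.compile(r"ERROR: rejected dh_group: DB\(prop#\d+:trns#\d+\):"
                       r"Peer\(prop#(\d+):trns#(\d+)\) = (.+?):(.+)$")

def analyze(log_text):
    """Summarise racoon phase 1 DH group negotiation failures."""
    report = {"unsupported": [], "mismatches": [], "failed": False}
    for line in log_text.splitlines():
        m = INVALID_RE.search(line)
        if m:
            num = int(m.group(1))
            report["unsupported"].append((num, DESCRIPTIONS.get(num, "unknown group")))
            continue
        m = REJECT_RE.search(line)
        if m:
            local, peer = m.group(3).strip(), m.group(4).strip()
            report["mismatches"].append({
                "peer_transform": int(m.group(2)),
                "local": local, "peer": peer,
                "local_keyword": KEYWORDS.get(local),  # value set in racoon.conf
                "peer_keyword": KEYWORDS.get(peer),    # value the peer offered
            })
        elif "no suitable proposal found" in line:
            report["failed"] = True
    return report

# Log lines copied from the post above.
SAMPLE_LOG = """\
racoon: ERROR: invalid DH group 20.
racoon: ERROR: invalid DH group 19.
racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
racoon: ERROR: no suitable proposal found.
racoon: ERROR: failed to get valid proposal.
racoon: ERROR: failed to process packet.
"""

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```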
