Some sample using racoon as a roadwarrior client?

Hi all,

  Somebody have tried to use racoon as a roadwarrior vpn
client (with 
nat-t and xauth) to interoperate with NGX ?? Somebody can
show me some 
example?

I have spent two days on this without luck.

Thanks
-- 
CL Martinez
carlopmart  gmail  com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

This sound like a promising thread. I only achieved to setup
ipsec tunel
racoon-NGX but had no luck to use it as a roadwarrior
client. I know the
only way to get this is to use certificates, but I tried it
with no
success. I tried to translate the freeswan configuration to
racoon:

http://www.fw-1.de/aerasec/n
g/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-RoadWarrior.html

I didn't tried the freeswan way.

This is my last racoon.conf used:

path certificate "/etc/racoon/cert";
path pre_shared_key "/etc/racoon/psk.txt";

listen {
        adminsock "/var/racoon/racoon.sock"
"root" "operator" 0660;
}

remote 192.168.200.103 {
        exchange_mode main;
        lifetime time 24 hour;
        script "/etc/racoon/phase1-up.sh"
phase1_up;
        script "/etc/racoon/phase1-down.sh"
phase1_down;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}


sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}

carlopmart wrote:
> Hi all,
> 
>  Somebody have tried to use racoon as a roadwarrior vpn
client (with
> nat-t and xauth) to interoperate with NGX ?? Somebody
can show me some
> example?
> 
> I have spent two days on this without luck.
> 
> Thanks

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Thanks javier, but i have tried similar configuration
without a result. 
Freeswan and openswan do not work either. Somebody knows
some gnu ipsec 
client that can works using this type of configuration:
roadwarrior, 
xauth and nat-t?


Javier Hijas wrote:
> This sound like a promising thread. I only achieved to
setup ipsec tunel
> racoon-NGX but had no luck to use it as a roadwarrior
client. I know the
> only way to get this is to use certificates, but I
tried it with no
> success. I tried to translate the freeswan
configuration to racoon:
> 
> http://www.fw-1.de/aerasec/n
g/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-RoadWarrior.html
> 
> I didn't tried the freeswan way.
> 
> This is my last racoon.conf used:
> 
> path certificate "/etc/racoon/cert";
> path pre_shared_key "/etc/racoon/psk.txt";
> 
> listen {
>         adminsock "/var/racoon/racoon.sock"
"root" "operator" 0660;
> }
> 
> remote 192.168.200.103 {
>         exchange_mode main;
>         lifetime time 24 hour;
>         script "/etc/racoon/phase1-up.sh"
phase1_up;
>         script "/etc/racoon/phase1-down.sh"
phase1_down;
>         proposal {
>                 encryption_algorithm 3des;
>                 hash_algorithm md5;
>                 authentication_method pre_shared_key;
>                 dh_group 2;
>         }
> }
> 
> 
> sainfo anonymous {
>         pfs_group 2;
>         lifetime time 1 hour;
>         encryption_algorithm aes;
>         authentication_algorithm hmac_sha1;
>         compression_algorithm deflate ;
> }
> 
> carlopmart wrote:
>> Hi all,
>>
>>  Somebody have tried to use racoon as a roadwarrior
vpn client (with
>> nat-t and xauth) to interoperate with NGX ??
Somebody can show me some
>> example?
>>
>> I have spent two days on this without luck.
>>
>> Thanks
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
> 

-- 
CL Martinez
carlopmart  gmail  com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================