<div dir="ltr">Hi, <br><br>I'm behind NAT (and a different exit point each time), and need to connect to a lab with an SSG5 Juniper gateway.<br>The solution I'm asking for is a FOSS solution (one that can be downloaded from the Debian/CentOS repos).<br>
<br>Followed <a href="http://www.bluetrait.com/archive/2006/09/27/racoon-to-netscreen-vpn-dialup/">http://www.bluetrait.com/archive/2006/09/27/racoon-to-netscreen-vpn-dialup/</a> and <a href="http://www.linuxpoweruser.com/?p=53">http://www.linuxpoweruser.com/?p=53</a> but without any success (stuck on phase 1).<br>
<br>racoon conf:<br><br><start><br><br>#<br># NOTE: This file will not be used if you use racoon-tool(8) to manage your<br># IPsec connections. racoon-tool will process racoon-tool.conf(5) and<br># generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead<br>
# of this file.<br>#<br># Simple racoon.conf<br># <br>#<br># Please look in /usr/share/doc/racoon/examples for<br># examples that come with the source.<br>#<br># Please read racoon.conf(5) for details, and also read setkey(8).<br>
#<br>#<br># Also read the Linux IPSEC Howto up at <br># <a href="http://www.ipsec-howto.org/t1.html">http://www.ipsec-howto.org/t1.html</a> <br>#<br><br>path pre_shared_key "/etc/racoon/psk.txt";<br>path certificate "/etc/racoon/certs";<br>
<br><br># Remote host<br>remote SSG5_PUBLIC_IP<br>{<br>exchange_mode aggressive;<br><br>my_identifier user_fqdn "IKE_User"; #taken from IKE_USER field<br><br>lifetime time 28800 sec;<br>proposal {<br> encryption_algorithm 3des;<br>
hash_algorithm sha1;<br> authentication_method pre_shared_key;<br> dh_group modp1024;<br>}<br>}<br><br>sainfo anonymous<br>{<br> pfs_group modp1024;<br> lifetime time 3600 sec;<br> encryption_algorithm 3des;<br>
authentication_algorithm hmac_sha1;<br> compression_algorithm deflate;<br>}<br><br><br><end><br><br>my ipsec-tools conf:<br>In the lab the IPs are 192.168.1.X; on my NAT they are 192.168.0.X.<br>MY_PUBLICIP is an IPv4 address received from the ISP.<br>
LABIP is a static IPv4 address.<br><br><begin><br><br>#!/usr/sbin/setkey -vvf<br><br>flush;<br>spdflush;<br><br>#outbound<br>spdadd MY_PUBLICIP 192.168.1.0/24 any<br>-P out ipsec esp/tunnel/MY_PUBLICIP-LABIP/require;<br>
<br>#inbound<br>spdadd 192.168.1.0/24 MY_PUBLICIP any<br>-P in ipsec esp/tunnel/LABIP-MY_PUBLICIP/require;<br><br><end><br><br>I have an SPD file (just hton the address to get the IP values from a dword) used by NetScreen-Remote.<br>
<br><br></div>
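An added example, not the poster's file or anything shipped by Debian: the same remote block with racoon's NAT traversal directives, which a peer behind NAT needs regardless of the phase 1 issue, since plain ESP does not survive address translation. It keeps the poster's placeholders SSG5_PUBLIC_IP and IKE_User and assumes a hypothetical MY_LAN_IP for the host's own 192.168.0.x address; the SSG5 side must have NAT-T enabled as well.

```conf
# Added example, not the poster's racoon.conf. SSG5_PUBLIC_IP and IKE_User are
# the poster's placeholders; MY_LAN_IP (the host's 192.168.0.x address) is assumed.

path pre_shared_key "/etc/racoon/psk.txt";

# Listen on the host's private address: UDP 500 for IKE and UDP 4500 for
# NAT-T, so ESP can be carried in UDP through the NAT device.
listen {
    isakmp MY_LAN_IP [500];
    isakmp_natt MY_LAN_IP [4500];
}

remote SSG5_PUBLIC_IP
{
    exchange_mode aggressive;

    # Offer NAT-T; racoon switches to UDP encapsulation once a NAT is detected.
    nat_traversal on;

    # Dead peer detection, so a stale SA is dropped when the exit point changes.
    dpd_delay 20;

    # Dial-up user identity the SSG5 expects; the gateway is identified by address.
    my_identifier user_fqdn "IKE_User";
    peers_identifier address SSG5_PUBLIC_IP;

    lifetime time 28800 sec;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo anonymous
{
    pfs_group modp1024;
    lifetime time 3600 sec;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

The phase 2 selectors and tunnel endpoints in the setkey file are unchanged here; only the IKE side gains NAT-T.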