# L2TP over IPSec



## Ajax (Jul 9, 2013)

I'm trying to get rid of _anonymous_ in racoon.conf since it appears in a VAST majority of samples about IPsec, but I cannot make the sainfo section work.

`racoon -dF`

```
2013-07-09 16:30:26: DEBUG: getsainfo params: loc='WORK' rmt='192.168.HOME.IP' peer='192.168.HOME.IP' client='HOME_EXTERNAL' id=0
2013-07-09 16:30:26: DEBUG: evaluating sainfo: loc='HOME_EXTERNAL', rmt='WORK', peer='ANY', id=0
2013-07-09 16:30:26: DEBUG: check and compare ids : value mismatch (IPv4_address)
2013-07-09 16:30:26: DEBUG: cmpid target: 'WORK'
2013-07-09 16:30:26: DEBUG: cmpid source: 'HOME_EXTERNAL'
2013-07-09 16:30:26: ERROR: failed to get sainfo.
2013-07-09 16:30:26: ERROR: failed to get sainfo.
2013-07-09 16:30:26: [HOME] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
…
```

racoon.conf

```
## IKE Phase 2
sainfo address HOME_EXTERNAL udp address WORK udp
{
        encryption_algorithm     aes,3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm    deflate;
        pfs_group                modp1024;
}
```

If I put all settings for anonymous (as per examples), it works great, but I would prefer to keep distinctive addresses I could connect from. Am I missing something obvious in the settings?

I forgot to add: WORK is the tun0 address; this is the way we get Internet on the router host.

The network configuration is:

```
192.168.HOME.IP > NAT > HOME_EXTERNAL > PPPoE (my router box to provider)  > internet > PPPoE (FreeBSD 9.1 to provider) > WORK > NAT > OFFICE_NET.
```
`racoon` and `mpd5` listen on the WORK IP address.


----------
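An added troubleshooting helper (not part of Ajax's post or of racoon itself) that parses the `getsainfo params` and `evaluating sainfo` debug lines above and reports, field by field, why the configured sainfo selector did not match what racoon was looking for. The sample log is constructed from the post's own lines with its placeholder addresses.

```python
import re

# Constructed sample input: the relevant lines of the poster's `racoon -dF`
# output, with the same placeholder addresses the post uses.
SAMPLE_LOG = """\
2013-07-09 16:30:26: DEBUG: getsainfo params: loc='WORK' rmt='192.168.HOME.IP' peer='192.168.HOME.IP' client='HOME_EXTERNAL' id=0
2013-07-09 16:30:26: DEBUG: evaluating sainfo: loc='HOME_EXTERNAL', rmt='WORK', peer='ANY', id=0
2013-07-09 16:30:26: DEBUG: check and compare ids : value mismatch (IPv4_address)
2013-07-09 16:30:26: ERROR: failed to get sainfo.
"""

KV = re.compile(r"(\w+)='([^']*)'")  # key='value' pairs as racoon prints them

def parse_sainfo_lines(log):
    """Return (wanted, candidates): the selector racoon looked for (from the
    'getsainfo params' line) and every sainfo block it evaluated against it."""
    wanted, candidates = None, []
    for line in log.splitlines():
        if "getsainfo params:" in line:
            wanted = dict(KV.findall(line))
        elif "evaluating sainfo:" in line:
            candidates.append(dict(KV.findall(line)))
    return wanted, candidates

def explain_mismatch(wanted, cand):
    """Describe why a configured sainfo block did not match. A block's
    peer='ANY' matches any peer, so only loc and rmt are compared then."""
    problems = []
    for side in ("loc", "rmt"):
        if wanted.get(side) != cand.get(side):
            problems.append(f"{side}: config has {cand.get(side)!r}, racoon wanted {wanted.get(side)!r}")
    if cand.get("peer", "ANY") != "ANY" and cand["peer"] != wanted.get("peer"):
        problems.append(f"peer: config has {cand['peer']!r}, racoon wanted {wanted.get('peer')!r}")
    # The same address showing up on opposite sides is the classic sign of
    # local/remote selectors written the wrong way round.
    if wanted.get("loc") == cand.get("rmt"):
        problems.append(f"sides look reversed: {cand['rmt']!r} is the configured remote but racoon treats it as local")
    return problems

def diagnose(log):
    """Map each evaluated sainfo block to its list of mismatch explanations."""
    wanted, candidates = parse_sainfo_lines(log)
    if wanted is None:
        raise ValueError("no 'getsainfo params' line in log")
    return [(cand, explain_mismatch(wanted, cand)) for cand in candidates]

if __name__ == "__main__":
    for cand, problems in diagnose(SAMPLE_LOG):
        print(cand, *problems, sep="\n  - ")
```

Note that the remote selector racoon wanted is the value it logs as `rmt` (the peer's address behind its NAT), which is not the same as the `client=` address.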

