Hi,

I have one network interface with two IPs; the first
one is 10.118.213.113 (eth0) and the other is 10.118.213.104 (eth1).
At the moment I want to set up one IPsec tunnel with
the remote machine 10.118.213.69 (eth0).

But when I use the local machine to trigger the IKE negotiation,
racoon uses both 10.118.213.113 and 10.118.213.104 as the source IP, so that
tunnels are established between both 10.118.213.113 & 10.118.213.69 and 10.118.213.104 & 10.118.213.69.

But I want a tunnel only between the one IP 10.118.213.113 and 10.118.213.69, and I want 10.118.213.104 to be pingable from any machine (I want no tunnel created with the 10.118.213.104 IP).

My setkey.conf file:
# Flush the SAD and SPD
flush;
spdflush;

# Create policies for racoon
spdadd 10.118.213.69/24 10.118.213.113/24 any -P in ipsec
esp/tunnel/10.118.213.69-10.118.213.113/require;

spdadd 10.118.213.113/24 10.118.213.69/24 any -P out ipsec
esp/tunnel/10.118.213.113-10.118.213.69/require;

My racoon.conf file:

path include "/etc/racoon";
#path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

remote 10.118.213.69
{
exchange_mode main;
lifetime time 24hour;
certificate_type x509 "rncpet113_cert.pem" "rncpet113_key.pem";
verify_cert off;
my_identifier asn1dn;
peers_identifier asn1dn;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method rsasig;
dh_group 2;
}
}

sainfo address 10.118.213.113/24 any address 10.118.213.69/24 any {
pfs_group 2;
lifetime time 24 hour ;
encryption_algorithm 3des ;
authentication_algorithm hmac_md5 ;
compression_algorithm deflate ;
}

Can anyone help me?

Vaibhav
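The question turns on the scope of the SPD selectors. The following is an added example, not code from the post or from the ipsec-tools project: it parses setkey `spdadd` policies and reports which local addresses would have their traffic to the peer selected for IPsec (and therefore trigger IKE). The /24 policies are the ones quoted above; the /32 variant is an assumption made here for comparison, and `parse_spd`, `matching_policy` and `local_addrs_in_tunnel` are helper names invented for this example.

```python
import ipaddress
import re

# Constructed sample: the two spdadd policies quoted in the post (/24 selectors).
SPD_SUBNET = """\
spdadd 10.118.213.69/24 10.118.213.113/24 any -P in ipsec
esp/tunnel/10.118.213.69-10.118.213.113/require;

spdadd 10.118.213.113/24 10.118.213.69/24 any -P out ipsec
esp/tunnel/10.118.213.113-10.118.213.69/require;
"""

# Constructed variant (an assumption for this example): host-scoped /32 selectors,
# so only the named addresses match the policy.
SPD_HOST = """\
spdadd 10.118.213.69/32 10.118.213.113/32 any -P in ipsec
esp/tunnel/10.118.213.69-10.118.213.113/require;

spdadd 10.118.213.113/32 10.118.213.69/32 any -P out ipsec
esp/tunnel/10.118.213.113-10.118.213.69/require;
"""

# Matches "spdadd SRC DST PROTO -P DIR ipsec esp/tunnel/TSRC-TDST/LEVEL;" even when
# the policy is continued on a second line (re.S lets \s span newlines).
SPDADD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/(\S+?)-(\S+?)/(require|use|default)\s*;",
    re.S,
)


def parse_spd(text):
    """Parse spdadd tunnel policies into dicts with ipaddress objects."""
    policies = []
    for m in SPDADD_RE.finditer(text):
        src, dst, proto, direction, tsrc, tdst, level = m.groups()
        policies.append({
            # strict=False: "10.118.213.113/24" has host bits set, as setkey allows
            "src": ipaddress.ip_network(src, strict=False),
            "dst": ipaddress.ip_network(dst, strict=False),
            "proto": proto,
            "dir": direction,
            "tunnel": (ipaddress.ip_address(tsrc), ipaddress.ip_address(tdst)),
            "level": level,
        })
    return policies


def matching_policy(policies, src, dst, direction):
    """Return the first policy whose selectors cover a src->dst packet, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == direction and s in p["src"] and d in p["dst"]:
            return p
    return None


def local_addrs_in_tunnel(spd_text, local_addrs, peer):
    """Local addresses whose outbound traffic to `peer` is selected for IPsec,
    i.e. the addresses for which racoon would be asked to negotiate an SA."""
    pols = parse_spd(spd_text)
    return [a for a in local_addrs
            if matching_policy(pols, a, peer, "out") is not None]


if __name__ == "__main__":
    local = ["10.118.213.113", "10.118.213.104"]
    peer = "10.118.213.69"
    print("/24 selectors pull in:", local_addrs_in_tunnel(SPD_SUBNET, local, peer))
    print("/32 selectors pull in:", local_addrs_in_tunnel(SPD_HOST, local, peer))
```

With the /24 selectors from the post, both 10.118.213.113 and 10.118.213.104 fall inside 10.118.213.113/24, so traffic from either address to the peer is selected for IPsec; with /32 selectors only 10.118.213.113 is. The same scoping question applies to the `sainfo address ... /24` selectors in racoon.conf, which define the phase 2 proposal in the same terms.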