Fedora-26-cisco-ipsec-racoon

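# Install racoon (ipsec-tools) on Fedora 26 and configure it as an IKEv1/XAuth
# responder for Cisco-style IPsec clients, then start the daemon.
#
# Tunables (environment variables, all optional):
#   RACOON_GROUP_ID        identifier the client presents (Cisco "group name")
#   RACOON_PSK             pre-shared key bound to that identifier in psk.txt
#   RACOON_XAUTH_USER      local account used for XAuth logins
#   RACOON_XAUTH_PASSWORD  password set on that account
# Every default is the literal "racoon", reproducing the original lab setup;
# override all of them for anything that is not a throw-away lab.
set -euo pipefail

readonly racoon_conf=/etc/racoon/racoon.conf
readonly psk_file=/etc/racoon/psk.txt
readonly motd_file=/etc/racoon/motd
group_id=${RACOON_GROUP_ID:-racoon}
psk=${RACOON_PSK:-racoon}
xauth_user=${RACOON_XAUTH_USER:-racoon}
xauth_password=${RACOON_XAUTH_PASSWORD:-racoon}

dnf install -y ipsec-tools

# Open IKE (firewalld "ipsec" service) and NAT the clients' traffic. Each rule is
# added to both the permanent and the running configuration.
# NOTE(review): if connected clients cannot reach the Internet, confirm
# net.ipv4.ip_forward is enabled and that the masquerade applies to the zone
# their decrypted traffic leaves through.
firewall-cmd --add-service=ipsec --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --add-service=ipsec
firewall-cmd --add-masquerade

# Keep one backup of the previous configuration (overwritten on re-runs, as before).
if [[ -e "$racoon_conf" ]]; then
  mv -- "$racoon_conf" "${racoon_conf}.001"
fi

# Write the configuration fresh (the original appended with >>). The delimiter
# is quoted so nothing inside is subject to shell expansion.
cat >"$racoon_conf" <<'EOF'
log info;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path script "/etc/racoon/scripts";

# Responder for any IKEv1 peer whose identifier has a key in psk.txt.
remote anonymous {
        # Aggressive mode is what legacy Cisco-style clients use with a group PSK.
        # It sends a PSK-derived hash before the peer is authenticated, so the
        # strength of the PSK is all that protects phase 1 from offline guessing.
        exchange_mode base,main,aggressive;
        doi ipsec_doi;
        situation identity_only;
        verify_identifier on;
        weak_phase1_check on;
        ike_frag on;
        #esp_frag 552;
        initial_contact on;
        passive on;
        proposal_check obey;
        support_proxy on;
        generate_policy unique;
        nat_traversal on;
        dpd_delay = 30;
        dpd_retry = 30;
        dpd_maxfail = 800;
        rekey off;
        nonce_size 21;
        mode_cfg = on;
        proposal {
                # Legacy suite (3DES / SHA-1 / DH group 2) kept for client
                # compatibility. Other accepted values:
                #   encryption: des, 3des, blowfish, cast128, aes, camellia
                #   hash:       md5, sha1, sha256, sha384, sha512
                #encryption_algorithm blowfish;
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method xauth_psk_server;
                dh_group 2;
                lifetime time 24 hour;
        }
}

timer {
    counter 5;
    interval 10 sec;
    persend 1;
    phase1 15 sec;
    phase2 10 sec;
    natt_keepalive 20 sec;
}

listen {
#    isakmp 192.168.1.73 [500];
#    isakmp 192.168.1.73 [2500];
#    isakmp_natt 192.168.1.73 [4500];
#    strict_address;
}

sainfo anonymous {
    lifetime time 24 hour ;
    # des,3des,aes,blowfish,twofish,rijndael,camellia;
    encryption_algorithm 3des,blowfish;
    # hmac_md5,hmac_sha1,hmac_sha256,hmac_sha384,hmac_sha512,non_auth;
    authentication_algorithm hmac_sha1,hmac_md5;
    remoteid 0;
    # NOTE(review): modp8192 is an unusually large PFS group for this kind of
    # client, and mode_cfg below advertises group 2. If phase 2 fails, confirm
    # the client actually offers modp8192 (the smaller group is left commented).
    pfs_group modp8192;
    #pfs_group 2;
    compression_algorithm deflate;
}

padding {
    randomize on;
    randomize_length on;
    maximum_length 26;
    exclusive_tail on;
    # The original listed "strict_check on" immediately followed by
    # "strict_check off"; the later directive overrides the earlier one, so
    # only the effective value is kept.
    strict_check off;
}

mode_cfg {
    banner "/etc/racoon/motd";
    #auth_source pam;
    # XAuth credentials are checked against the local account database.
    auth_source system;
    accounting system;
    conf_source local;
    pfs_group 2;
    default_domain "localhost";

    # Address pool handed out to clients.
    network4 192.168.100.1;
    netmask4 255.255.255.0;
    dns4 8.8.8.8,8.8.4.4;
    wins4 8.8.8.8,8.8.4.4;
    pool_size 254;
    # Allows the client to store the XAuth password locally.
    save_passwd on;
}
EOF

# Banner shown to clients after a successful mode-config exchange.
printf '%s\n' success >"$motd_file"

# psk.txt lines are "<identifier> <key>"; the identifier is the group name the
# client sends. Keep the file private: racoon rejects a key file readable by
# others. The line is added only once so the script can be re-run.
touch -- "$psk_file"
chmod 600 "$psk_file"
if ! grep -qxF -- "$group_id $psk" "$psk_file"; then
  printf '%s %s\n' "$group_id" "$psk" >>"$psk_file"
fi

# XAuth account without an interactive shell; created only if missing.
# The password is fed through stdin rather than argv so it does not show in ps.
if ! id -u "$xauth_user" >/dev/null 2>&1; then
  adduser -m -s /sbin/nologin "$xauth_user"
fi
printf '%s\n' "$xauth_password" | passwd --stdin "$xauth_user"

systemctl start racoon
systemctl --no-pager status racoon

# The original ended with "tail -f /var/log/messages" followed by
# "tcpdump port 500"; tail -f never returns, so the capture could not run, and
# /var/log/messages may not exist without rsyslog. Both are interactive
# diagnostics, so they are printed for the operator instead of executed.
printf 'Follow the daemon log with: journalctl -f -u racoon\n'
printf 'Watch IKE traffic with:     tcpdump -n udp port 500 or udp port 4500\n'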

配置完成后无法上网 没有找到原因