thr3ads.net - freebsd security - IPsec works, but racoon/IKE does not [Apr 2004]

If this information is useful, please help other people find it:
Share via:

Dan Langille

2004-Apr-27 18:13 UTC

IPsec works, but racoon/IKE does not

I have no idea whatsoever as to why racoon/IKE does not work here.
 I've tried various how-to documents but found nothing that works for 
me.

Gateway (10.0.0.1) running 4.9-stable.
Laptop (10.0.0.10) running 5.2.1-release.

Both running racoon-20040408a

On the gateway 10.0.0.1
# cat /etc/ipsec.conf
add 10.0.0.1  10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A 
hmac-sha1 "12345678901234567890";
add 10.0.0.10 10.0.0.1  esp 693 -E rijndael-cbc "1234567890123456" -A 
hmac-sha1 "12345678901234567890";

spdadd 10.0.0.0/24 0.0.0.0/0   any -P in  ipsec esp/tunnel/10.0.0.10-
10.0.0.1/require;
spdadd 0.0.0.0/0   10.0.0.0/24 any -P out ipsec esp/tunnel/10.0.0.1-
10.0.0.10/require;


On the laptop (10.0.0.10):

add 10.0.0.1  10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A 
hmac-sha1 "12345678901234567890";
add 10.0.0.10 10.0.0.1  esp 693 -E rijndael-cbc "1234567890123456" -A 
hmac-sha1 "12345678901234567890";

spdadd 10.0.0.0/24 0.0.0.0/0   any -P out ipsec esp/tunnel/10.0.0.10-
10.0.0.1/require;
spdadd  0.0.0.0/0  10.0.0.0/24 any -P in  ipsec esp/tunnel/10.0.0.1-
10.0.0.10/require;

With this setup, IPsec works just fine between the two boxes.  If 
comment 
out the two "add" lines in each /etc/ipsec.conf, and keep the 
"spdadd" lines, 
and do this on both machines:

setkey -F
setkey -FP
setkey -f /etc/ipsec.conf
/usr/local/sbin/racoon -F -v

I see this on the gateway.  Does this mean anything to anyone?  
Thanks.

Foreground mode.
2004-04-27 20:52:14: INFO: main.c:172:main(): @(#)package version 
freebsd-20040408a
2004-04-27 20:52:14: INFO: main.c:174:main(): @(#)internal version 
20001216 sakane@kame.net
2004-04-27 20:52:14: INFO: main.c:175:main(): @(#)This product linked 
OpenSSL 0.9.7c-p1 30 Sep 2003 (http://www.openssl.org/)
2004-04-27 20:52:14: DEBUG: algorithm.c:614:alg_oakley_dhdef(): 
hmac(modp1024)
2004-04-27 20:52:14: DEBUG: pfkey.c:2379:pk_checkalg(): compression 
algorithm can not be checked because sadb message doesn't suppo
rt it.
2004-04-27 20:52:14: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500] 
used as isakmp port (fd=5)
2004-04-27 20:52:14: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
X_SPDDUMP message
2004-04-27 20:52:14: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
X_SPDDUMP message
2004-04-27 20:52:14: DEBUG: policy.c:184:cmpspidxstrict(): 
sub:0xbfbff958: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:52:14: DEBUG: policy.c:185:cmpspidxstrict(): db 
:0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:52:18: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:52:18: DEBUG: pfkey.c:1620:pk_recvacquire(): suitable 
outbound SP found: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=ou
t.
2004-04-27 20:52:18: DEBUG: policy.c:184:cmpspidxstrict(): 
sub:0xbfbff944: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:52:18: DEBUG: policy.c:185:cmpspidxstrict(): db 
:0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:52:18: DEBUG: pfkey.c:1636:pk_recvacquire(): suitable 
inbound SP found: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2004-04-27 20:52:18: DEBUG: pfkey.c:1675:pk_recvacquire(): new 
acquire 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:52:18: DEBUG: sainfo.c:112:getsainfo(): anonymous 
sainfo selected.
2004-04-27 20:52:18: DEBUG: proposal.c:828:printsaproto():  
(proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel 
reqi
d=0:0)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns():   
(trns_id=3DES encklen=0 authtype=hmac-sha)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns():   
(trns_id=3DES encklen=0 authtype=hmac-md5)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns():   
(trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns():   
(trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns():   
(trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns():   
(trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
2004-04-27 20:52:18: DEBUG: remoteconf.c:129:getrmconf(): anonymous 
configuration selected for 10.0.0.10.
2004-04-27 20:52:18: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-
SA request for 10.0.0.10 queued due to no phase1 found.
2004-04-27 20:52:18: DEBUG: isakmp.c:803:isakmp_ph1begin_i(): ==2004-04-27
20:52:18: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
new phase 1 negotiation: 10.0.0.1[500]<=>10.0.0.10[500]
2004-04-27 20:52:18: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin 
Aggressive mode.
2004-04-27 20:52:18: DEBUG: isakmp.c:2006:isakmp_newcookie(): new 
cookie:
055c6e2d1a6f5cf0
2004-04-27 20:52:18: DEBUG: ipsec_doi.c:3238:ipsecdoi_setid1(): use 
ID type of IPv4_address
2004-04-27 20:52:19: DEBUG: oakley.c:300:oakley_dh_generate(): 
compute DH's private.
2004-04-27 20:52:19: DEBUG: plog.c:193:plogdump():
6e308efc dd12bb8c 43b3870d 470f6826 b75dcfed 51e9a827 7bfc9fb6 
104e5038
ad255135 511f1047 029ebff4 059f5a66 3950f8df 1cf256d9 cae1b8a3 
b72834de
8e0e440e aa85a078 70a283ba ea50c4c4 91004723 05892a7a 39694b9f 
289e24e9
8931c02e 42830d85 91393b1d e67c6654 6a07a1ea 14929170 5c670bdd 
3314cfea
2004-04-27 20:52:19: DEBUG: oakley.c:302:oakley_dh_generate(): 
compute DH's public.
2004-04-27 20:52:19: DEBUG: plog.c:193:plogdump():
740d9432 471292e7 904d632f 29a2f3a5 aebdac90 1890488c ed630ccc 
a630afea
2c12c7c7 5f33aee7 8cab687d e03c0f84 28267175 3674acaf 3105339b 
0796e4df
737fcac3 1e3cbdf7 34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 
6ec53f95
b4d786bd a6656857 a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 
aea5ac79
2004-04-27 20:52:19: DEBUG: isakmp_agg.c:161:agg_i1send(): authmethod 
is pre-shared key
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add 
payload of len 52, next type 1
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add 
payload of len 128, next type 4
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add 
payload of len 16, next type 10
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add 
payload of len 8, next type 5
2004-04-27 20:52:19: DEBUG: isakmp.c:2295:isakmp_printpacket(): 
begin.
52:19.544602 10.0.0.1:500 -> 10.0.0.10:500: isakmp 1.0 msgid 00000000 
cookie 055c6e2d1a6f5cf0->0000000000000000: phase 1 I agg:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration 
len=4 value=00015180)(type=enc value=3des)(type=auth value=pr
eshared)(type=hash value=sha1)(type=group desc value=modp1024))))
    (ke: key len=128)
    (nonce: n len=16)
    (id: idtype=IPv4 protoid=udp port=500 len=4 10.0.0.1)
2004-04-27 20:52:19: DEBUG: sockmisc.c:421:sendfromto(): sockname 
10.0.0.1[500]
2004-04-27 20:52:19: DEBUG: sockmisc.c:423:sendfromto(): send packet 
from 10.0.0.1[500]
2004-04-27 20:52:19: DEBUG: sockmisc.c:425:sendfromto(): send packet 
to 10.0.0.10[500]
2004-04-27 20:52:19: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 
248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:52:19: DEBUG: plog.c:193:plogdump():
055c6e2d 1a6f5cf0 00000000 00000000 01100400 00000000 000000f8 
04000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 
000c0004
00015180 80010005 80030001 80020002 80040002 0a000084 740d9432 
471292e7
904d632f 29a2f3a5 aebdac90 1890488c ed630ccc a630afea 2c12c7c7 
5f33aee7
8cab687d e03c0f84 28267175 3674acaf 3105339b 0796e4df 737fcac3 
1e3cbdf7
34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 6ec53f95 b4d786bd 
a6656857
a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 aea5ac79 05000014 
bf9a051a
8cbfbef6 30991dd7 190ff373 0000000c 011101f4 0a000001
2004-04-27 20:52:19: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend 
phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:52:29: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:52:29: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:52:37: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:52:37: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:52:40: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:52:40: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:52:40: DEBUG: sockmisc.c:421:sendfromto(): sockname 
10.0.0.1[500]
2004-04-27 20:52:40: DEBUG: sockmisc.c:423:sendfromto(): send packet 
from 10.0.0.1[500]
2004-04-27 20:52:40: DEBUG: sockmisc.c:425:sendfromto(): send packet 
to 10.0.0.10[500]
2004-04-27 20:52:40: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 
248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:52:40: DEBUG: plog.c:193:plogdump():
055c6e2d 1a6f5cf0 00000000 00000000 01100400 00000000 000000f8 
04000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 
000c0004
00015180 80010005 80030001 80020002 80040002 0a000084 740d9432 
471292e7
904d632f 29a2f3a5 aebdac90 1890488c ed630ccc a630afea 2c12c7c7 
5f33aee7
8cab687d e03c0f84 28267175 3674acaf 3105339b 0796e4df 737fcac3 
1e3cbdf7
34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 6ec53f95 b4d786bd 
a6656857
a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 aea5ac79 05000014 
bf9a051a
8cbfbef6 30991dd7 190ff373 0000000c 011101f4 0a000001
2004-04-27 20:52:43: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend 
phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:52:50: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:52:50: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:52:53: ERROR: isakmp.c:1786:isakmp_chkph1there(): 
phase2 negotiation failed due to time up waiting for phase1. ESP 10
.0.0.10->10.0.0.1
2004-04-27 20:52:53: INFO: isakmp.c:1791:isakmp_chkph1there(): delete 
phase 2 handler.
2004-04-27 20:53:00: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:00: DEBUG: pfkey.c:1620:pk_recvacquire(): suitable 
outbound SP found: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=ou
t.
2004-04-27 20:53:00: DEBUG: policy.c:184:cmpspidxstrict(): 
sub:0xbfbff944: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:00: DEBUG: policy.c:185:cmpspidxstrict(): db 
:0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:00: DEBUG: pfkey.c:1636:pk_recvacquire(): suitable 
inbound SP found: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2004-04-27 20:53:00: DEBUG: pfkey.c:1675:pk_recvacquire(): new 
acquire 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:53:00: DEBUG: sainfo.c:112:getsainfo(): anonymous 
sainfo selected.
2004-04-27 20:53:00: DEBUG: proposal.c:828:printsaproto():  
(proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel 
reqi
d=0:0)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns():   
(trns_id=3DES encklen=0 authtype=hmac-sha)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns():   
(trns_id=3DES encklen=0 authtype=hmac-md5)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns():   
(trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns():   
(trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2004-04-27 20:53:06: DEBUG: proposal.c:862:printsatrns():   
(trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
2004-04-27 20:53:06: DEBUG: proposal.c:862:printsatrns():   
(trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
2004-04-27 20:53:06: DEBUG: remoteconf.c:129:getrmconf(): anonymous 
configuration selected for 10.0.0.10.
2004-04-27 20:53:06: INFO: isakmp.c:1713:isakmp_post_acquire(): 
request for establishing IPsec-SA was queued due to no phase1 found
.
2004-04-27 20:53:06: DEBUG: sockmisc.c:421:sendfromto(): sockname 
10.0.0.1[500]
2004-04-27 20:53:06: DEBUG: sockmisc.c:423:sendfromto(): send packet 
from 10.0.0.1[500]
2004-04-27 20:53:06: DEBUG: sockmisc.c:425:sendfromto(): send packet 
to 10.0.0.10[500]
2004-04-27 20:53:06: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 
248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:53:06: DEBUG: plog.c:193:plogdump():
055c6e2d 1a6f5cf0 00000000 00000000 01100400 00000000 000000f8 
04000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 
000c0004
00015180 80010005 80030001 80020002 80040002 0a000084 740d9432 
471292e7
904d632f 29a2f3a5 aebdac90 1890488c ed630ccc a630afea 2c12c7c7 
5f33aee7
8cab687d e03c0f84 28267175 3674acaf 3105339b 0796e4df 737fcac3 
1e3cbdf7
34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 6ec53f95 b4d786bd 
a6656857
a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 aea5ac79 05000014 
bf9a051a
8cbfbef6 30991dd7 190ff373 0000000c 011101f4 0a000001
2004-04-27 20:53:06: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend 
phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:53:06: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:06: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:53:13: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:13: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:53:24: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:24: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:53:26: DEBUG: sockmisc.c:421:sendfromto(): sockname 
10.0.0.1[500]
2004-04-27 20:53:26: DEBUG: sockmisc.c:423:sendfromto(): send packet 
from 10.0.0.1[500]
2004-04-27 20:53:26: DEBUG: sockmisc.c:425:sendfromto(): send packet 
to 10.0.0.10[500]
2004-04-27 20:53:26: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 
248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:53:26: DEBUG: plog.c:193:plogdump():
055c6e2d 1a6f5cf0 00000000 00000000 01100400 00000000 000000f8 
04000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 
000c0004
00015180 80010005 80030001 80020002 80040002 0a000084 740d9432 
471292e7
904d632f 29a2f3a5 aebdac90 1890488c ed630ccc a630afea 2c12c7c7 
5f33aee7
8cab687d e03c0f84 28267175 3674acaf 3105339b 0796e4df 737fcac3 
1e3cbdf7
34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 6ec53f95 b4d786bd 
a6656857
a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 aea5ac79 05000014 
bf9a051a
8cbfbef6 30991dd7 190ff373 0000000c 011101f4 0a000001
2004-04-27 20:53:26: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend 
phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:53:34: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:34: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:53:37: ERROR: isakmp.c:1786:isakmp_chkph1there(): 
phase2 negotiation failed due to time up waiting for phase1. ESP 10
.0.0.10->10.0.0.1
2004-04-27 20:53:37: INFO: isakmp.c:1791:isakmp_chkph1there(): delete 
phase 2 handler.
2004-04-27 20:53:45: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:45: DEBUG: pfkey.c:1620:pk_recvacquire(): suitable 
outbound SP found: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=ou
t.
2004-04-27 20:53:45: DEBUG: policy.c:184:cmpspidxstrict(): 
sub:0xbfbff944: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:45: DEBUG: policy.c:185:cmpspidxstrict(): db 
:0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:45: DEBUG: pfkey.c:1636:pk_recvacquire(): suitable 
inbound SP found: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2004-04-27 20:53:45: DEBUG: pfkey.c:1675:pk_recvacquire(): new 
acquire 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:53:45: DEBUG: sainfo.c:112:getsainfo(): anonymous 
sainfo selected.
2004-04-27 20:53:45: DEBUG: proposal.c:828:printsaproto():  
(proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel 
reqi
d=0:0)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns():   
(trns_id=3DES encklen=0 authtype=hmac-sha)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns():   
(trns_id=3DES encklen=0 authtype=hmac-md5)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns():   
(trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns():   
(trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns():   
(trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns():   
(trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
2004-04-27 20:53:45: DEBUG: remoteconf.c:129:getrmconf(): anonymous 
configuration selected for 10.0.0.10.
2004-04-27 20:53:45: INFO: isakmp.c:1713:isakmp_post_acquire(): 
request for establishing IPsec-SA was queued due to no phase1 found
.
2004-04-27 20:53:46: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:46: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:53:46: DEBUG: sockmisc.c:421:sendfromto(): sockname 
10.0.0.1[500]
2004-04-27 20:53:46: DEBUG: sockmisc.c:423:sendfromto(): send packet 
from 10.0.0.1[500]
2004-04-27 20:53:46: DEBUG: sockmisc.c:425:sendfromto(): send packet 
to 10.0.0.10[500]
2004-04-27 20:53:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 
248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:53:46: DEBUG: plog.c:193:plogdump():
055c6e2d 1a6f5cf0 00000000 00000000 01100400 00000000 000000f8 
04000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 
000c0004
00015180 80010005 80030001 80020002 80040002 0a000084 740d9432 
471292e7
904d632f 29a2f3a5 aebdac90 1890488c ed630ccc a630afea 2c12c7c7 
5f33aee7
8cab687d e03c0f84 28267175 3674acaf 3105339b 0796e4df 737fcac3 
1e3cbdf7
34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 6ec53f95 b4d786bd 
a6656857
a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 aea5ac79 05000014 
bf9a051a
8cbfbef6 30991dd7 190ff373 0000000c 011101f4 0a000001
2004-04-27 20:53:46: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend 
phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:53:57: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:53:57: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
2004-04-27 20:54:06: DEBUG: sockmisc.c:421:sendfromto(): sockname 
10.0.0.1[500]
2004-04-27 20:54:06: DEBUG: sockmisc.c:423:sendfromto(): send packet 
from 10.0.0.1[500]
2004-04-27 20:54:06: DEBUG: sockmisc.c:425:sendfromto(): send packet 
to 10.0.0.10[500]
2004-04-27 20:54:06: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 
248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:54:06: DEBUG: plog.c:193:plogdump():
055c6e2d 1a6f5cf0 00000000 00000000 01100400 00000000 000000f8 
04000038
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 
000c0004
00015180 80010005 80030001 80020002 80040002 0a000084 740d9432 
471292e7
904d632f 29a2f3a5 aebdac90 1890488c ed630ccc a630afea 2c12c7c7 
5f33aee7
8cab687d e03c0f84 28267175 3674acaf 3105339b 0796e4df 737fcac3 
1e3cbdf7
34d1fe6d 0d65c16c 7f0125e6 7a71e10d 55473f4f 6ec53f95 b4d786bd 
a6656857
a377e251 bedcea49 05cd8477 ff460c16 fbfcd342 aea5ac79 05000014 
bf9a051a
8cbfbef6 30991dd7 190ff373 0000000c 011101f4 0a000001
2004-04-27 20:54:06: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend 
phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:54:07: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
ACQUIRE message
2004-04-27 20:54:07: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the 
acquire because ph2 found
^C2004-04-27 20:54:10: INFO: session.c:299:check_sigreq(): caught 
signal 2
2004-04-27 20:54:10: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey 
FLUSH message
2004-04-27 20:54:10: DEBUG: schedule.c:210:sched_scrub_param(): an 
undead schedule has been deleted.
2004-04-27 20:54:11: DEBUG: pfkey.c:333:pfkey_dump_sadb(): call 
pfkey_send_dump
2004-04-27 20:54:11: DEBUG: schedule.c:210:sched_scrub_param(): an 
undead schedule has been deleted.
2004-04-27 20:54:11: INFO: session.c:180:close_session(): racoon 
shutdown
-- 
Dan Langille : http://www.langille.org/
BSDCan - http://www.bsdcan.org/

Bjoern A. Zeeb

2004-Apr-27 22:00 UTC

head link

IPsec works, but racoon/IKE does not

On Tue, 27 Apr 2004, Dan Langille wrote:
> I have no idea whatsoever as to why racoon/IKE does not work here.
>  I've tried various how-to documents but found nothing that works for
> me.
>
> Gateway (10.0.0.1) running 4.9-stable.
> Laptop (10.0.0.10) running 5.2.1-release.
...> I see this on the gateway.  Does this mean anything to anyone?
> Thanks.
not read the log but this is most likly the problem described in this
thread (along with solutions):

http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003514.html


-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
56 69 73 69 74				http://www.zabbadoz.net/

Dan Langille

2004-Apr-28 07:24 UTC

head link

IPsec works, but racoon/IKE does not

On 28 Apr 2004 at 4:56, Bjoern A. Zeeb wrote:
> On Tue, 27 Apr 2004, Dan Langille wrote:
> 
> > I have no idea whatsoever as to why racoon/IKE does not work here.
> >  I've tried various how-to documents but found nothing that works
for
> > me.
> >
> > Gateway (10.0.0.1) running 4.9-stable.
> > Laptop (10.0.0.10) running 5.2.1-release.
> ...
> > I see this on the gateway.  Does this mean anything to anyone?
> > Thanks.
> 
> not read the log but this is most likly the problem described in this
> thread (along with solutions):
> 
> http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003514.html
Thank you!  That was it.  IKE just worked after these mods to my 
kernel:

remove:
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options INET6

add:
options FAST_IPSEC
device crypto

man fast_ipsec told me that there is no support for IPv6, which 
eventually led me to remove INET6 when the kernel would not compile.

-- 
Dan Langille : http://www.langille.org/
BSDCan - http://www.bsdcan.org/

Apparently Analagous Threads

Search for more apparently analagous threads

freebsd security - Apr 2004 - IPsec works, but racoon/IKE does not

IPsec works, but racoon/IKE does not

IPsec works, but racoon/IKE does not

IPsec works, but racoon/IKE does not

Apparently Analagous Threads