Hi

Running racoon on a FreeBSD-4.11 machine gives a kernel panic.
I am using the racoon from the ports directory which comes with the FreeBSD installation.

Steps followed are as shown below:

racoon -f /usr/local/etc/racoon/raccon.conf
setkey -f ipsec.conf

ping -c 1 <ip_of_the_other_gw>

The ping will lead into a crash.
The crash dump looks like for the ping packet it is going to apply an SA.
It is going in "key_checkrequest" in the key.c file and crashing there.

As I know "key_checkrequest" is used to apply an existing SA to an outgoing packet.
But in case of racoon the first ping packet is used for negotiation with the other gateway to establish the SA.

I am not understanding as to why it is going in key_checkrequest and crashing.

Could anyone who has used racoon with FreeBSD-4.11 please guide me if I am doing something wrong.

The config file is given below. I have compiled the kernel with the IPSEC, IPSEC_ESP options.
I am using a preshared key file.

My configuration file is given below:

#!/usr/local/bin/racoon
# CONFIGURATION FILE FOR 192.168.190.44

path include "/root";
path pre_shared_key "/root/psk.txt";
log debug2;

padding
{
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
}

listen
{
        isakmp 192.168.190.43 [500];
}

timer
{
        counter 5;
        interval 20 sec;
        persend 1;
        phase1 30 sec;
        phase2 15 sec;
}

remote 192.168.190.43
{
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;
        my_identifier address 192.168.190.44;
        peers_identifier address 192.168.190.43;
        lifetime time 24 hour;
        nonce_size 16;
        initial_contact on;
        proposal_check obey;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 1;
        }
}

sainfo address 192.168.190.44 any address 192.168.190.43 any
{
        pfs_group 1;
        lifetime time 2 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

Thanks in advance
Priya

On Wed, Dec 07, 2005 at 02:21:48PM +0000, priya yelgar wrote:
> Hi

Hi.

> Running racoon on a FreeBSD-4.11 machine gives a
> kernel panic.
> I am using the racoon from the ports directory which comes
> with the FreeBSD installation.

It may not change lots of things for this kernel crash, but do you use
port security/racoon (obsolete) or security/ipsec-tools?

> Steps followed are as shown below:
>
> racoon -f /usr/local/etc/racoon/raccon.conf
> setkey -f ipsec.conf
>
> ping -c 1 <ip_of_the_other_gw>

It would be really interesting if we could also have your ipsec.conf
file.

> The ping will lead into a crash.
> The crash dump looks like for the ping packet it is
> going to apply an SA.
> It is going in "key_checkrequest" in the key.c file and
> crashing there.
>
> As I know "key_checkrequest" is used to apply an
> existing SA to an outgoing packet.

Not exactly. It searches for an existing SA for the packet, and sends
an ACQUIRE message to the IKE daemon if needed.

> But in case of racoon the first ping packet is used
> for negotiation with the other gateway to establish the
> SA.
>
> I am not understanding as to why it is going in
> key_checkrequest and crashing.

There are 3 panic() in this function, could you give us the panic
message?

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com