Hi
Running racoon on a Freebsd-4.11 machine gives a
kernel panic.
I am using the racoon from ports directory which comes
with the freebsd installation.
Steps followed are as shown below:
        racoon -f /usr/local/etc/racoon/raccon.conf
        setkey -f ipsec.conf
        ping -c 1 <ip_of_the_other_gw>
The ping will lead into a crash.
The crash dump looks like for the ping packet it is
going to apply an SA.
It is going in "key_checkrequest" in key.c file and
crashing there.
As I know "key_checkrequest" is used to apply an
existing SA to an outgoing packet.
But in case of racoon the first ping packet is used
for negotiation with other gateway to establish the
SA.
I am not understanding as to why it is going in
key_checkrequest and crashing.
Please anyone who has used racoon with freebsd-4.11
can guide me if I am doing something wrong. The config
file is given below.
I have compiled the kernel with IPSEC ,IPSEC_ESP
options.
I am using a preshared key file.
my configuration file is given below:
#!/usr/local/bin/racoon
# CONFIGURATION FILE FOR 192.168.190.44
path include "/root";
path pre_shared_key "/root/psk.txt";
log debug2;
padding {
	maximum_length 20;
	randomize off;
	strict_check off;
	exclusive_tail off;
}
listen {
	isakmp 192.168.190.43 [500];
}
timer {
	counter 5;
	interval 20 sec;
	persend 1;
	phase1 30 sec;
	phase2 15 sec;
}
remote 192.168.190.43 {
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;
	my_identifier address 192.168.190.44;
	peers_identifier address 192.168.190.43;
	lifetime time 24 hour;
	nonce_size 16;
	initial_contact on;
	proposal_check obey;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 1;
	}
}
sainfo address 192.168.190.44 any address 192.168.190.43 any
{
	pfs_group 1;
	lifetime time 2 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}
Thanks in advance
Priya
On Wed, Dec 07, 2005 at 02:21:48PM +0000, priya yelgar wrote:
> Hi

Hi.

> Running racoon on a Freebsd-4.11 machine gives a
> kernel panic.
> I am using the racoon from ports directory which comes
> with the freebsd installation.

It may not change lots of things for this kernel crash, but do you use port security/racoon (obsolete) or security/ipsec-tools?

> Steps followed are as shown below:
>
>         racoon -f /usr/local/etc/racoon/raccon.conf
>         setkey -f ipsec.conf
>
>         ping -c 1 <ip_of_the_other_gw>

It would be really interesting if we could also have your ipsec.conf file.

> The ping will lead into a crash.
> The crash dump looks like for the ping packet it is
> going to apply an SA.
> It is going in "key_checkrequest" in key.c file and
> crashing there.
>
> As I know "key_checkrequest" is used to apply an
> existing SA to an outgoing packet.

Not exactly. It searches for an existing SA for the packet, and sends an ACQUIRE message to the IKE daemon if needed.

> But in case of racoon the first ping packet is used
> for negotiation with other gateway to establish the
> SA.
>
> I am not understanding as to why it is going in
> key_checkrequest and crashing.

There are 3 panic() in this function, could you give us the panic message?

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
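
As an added illustration (not part of either message, and not FreeBSD kernel source), here is a simplified user-space C model of the behaviour described in the reply above: look up an SA for the outgoing packet and ask the IKE daemon to negotiate one if none exists. All function names, the two policy levels and the return codes are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* Simplified user-space model; NOT FreeBSD/KAME source. All names are
 * hypothetical and the addresses are taken from the thread's config. */
enum level { LEVEL_USE, LEVEL_REQUIRE };   /* assumed policy levels */
struct sa { const char *src, *dst; int mature; };
#define SAD_MAX 8
static struct sa sad[SAD_MAX];             /* toy SA database */
static int sad_len;
static int acquires_sent;                  /* ACQUIREs handed to the IKE daemon */

static struct sa *sad_lookup(const char *src, const char *dst)
{
    for (int i = 0; i < sad_len; i++)
        if (strcmp(sad[i].src, src) == 0 && strcmp(sad[i].dst, dst) == 0)
            return &sad[i];
    return NULL;
}

/* Stand-in for the IKE daemon finishing negotiation and installing an SA. */
static int sad_install(const char *src, const char *dst)
{
    if (src == NULL || dst == NULL || sad_len == SAD_MAX)
        return -1;
    sad[sad_len++] = (struct sa){ src, dst, 1 };
    return 0;
}

/* 0: packet may proceed; ENOENT: no SA yet, negotiation requested;
 * EINVAL: bad input, which this model reports as an error, not a panic. */
static int check_request(const char *src, const char *dst, enum level lvl)
{
    if (src == NULL || dst == NULL)
        return EINVAL;
    struct sa *sa = sad_lookup(src, dst);
    if (sa != NULL)
        return sa->mature ? 0 : EINVAL;
    acquires_sent++;                       /* no SA: ask the daemon to negotiate */
    return lvl == LEVEL_REQUIRE ? ENOENT : 0;
}

int main(void)
{
    const char *me = "192.168.190.44", *peer = "192.168.190.43";
    printf("first ping:  %d\n", check_request(me, peer, LEVEL_REQUIRE));
    sad_install(me, peer);
    printf("second ping: %d\n", check_request(me, peer, LEVEL_REQUIRE));
    return 0;
}
```

In this model the first packet under a "require" policy is refused with ENOENT while negotiation is requested, and later packets pass once an SA is installed.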