Displaying 20 results from an estimated 300 matches similar to: "Note to Racoon users (IKE/ISAKMP daemon)"
2004 Apr 07
1
Possible security hole in racoon verified on FreeBSD using racoon-20030711
Hi,
while testing racoon on Linux (based on the ported ipsec-tools) the
following issue appeared:
Racoon did not verify the RSA Signatures during Phase 1 in either main
or aggressive mode.
Authentication was possible using a correct certificate and a wrong
private key.
I have verified the below problem using racoon-20030711 on FreeBSD 4.9. I will test
it using the SNAP Kit but suspect it to be
2004 May 13
1
Updated ipsec-tools fixes vulnerabilities in racoon (the ISAKMP daemon)
There is an update to ipsec-tools for CentOS 3.1
https://rhn.redhat.com/errata/RHSA-2004-165.html refers.
Updated files are :-
updates/i386/RPMS/ipsec-tools-0.2.5-0.4.i386.rpm
updates/i386/SRPMS/ipsec-tools-0.2.5-0.4.src.rpm
which is also dependant on :-
updates/i386/RPMS/initscripts-7.31.13.EL-1.centos.1.i386.rpm
updates/i386/SRPMS/initscripts-7.31.13.EL-1.centos.1.src.rpm
These are
2004 Apr 27
2
IPsec works, but racoon/IKE does not
I have no idea whatsoever as to why racoon/IKE does not work here.
I've tried various how-to documents but found nothing that works for
me.
Gateway (10.0.0.1) running 4.9-stable.
Laptop (10.0.0.10) running 5.2.1-release.
Both running racoon-20040408a
On the gateway 10.0.0.1
# cat /etc/ipsec.conf
add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A
hmac-sha1
2008 Feb 06
2
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
TITLE:
KAME Project "ipcomp6_input()" Denial of Service
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
DESCRIPTION:
A vulnerability has been reported in the KAME Project, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the
"ipcomp6_input()" function in
2005 Jan 14
1
debugging encrypted part of isakmp
Are there any tools to decode encrypted part of isakmp provided that
identities of both peers are known to me and that I am able to observe
the whole exchange ?
--
Andriy Gapon
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
Hi all.
The IPSec part of the LARTC howto is great, but I''ve hit a problem in
7.3. IPSEC tunnels. The example given is for manual keying:
add 10.0.0.216 10.0.0.11 esp 34501
-m tunnel
-E 3des-cbc "123456789012123456789012";
How does one setup "tunnel mode" using racoon?
Trying to setup an ipsec tunnel between two subnets: 10.10.42.0/24 and
10.1.1.0/24 using a
2004 Jul 26
1
Cisco IOS and racoon
I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a
freebsd 4.9 install with racoon. I have package version
freebsd-20040408a and internal version 20001216 in my log file.
I posted the full racoon and cisco log below my configs.
Racoon keeps saying:
2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:03: DEBUG:
2005 Dec 07
1
racoon with freebsd-4.11 crashes
Hi
Running racoon on a Freebsd-4.11 machine gives a
kernel panic.
I am using the racoon from ports directory which comes
with the freebsd installation.
Steps followed are as shown below:
racoon -f /usr/local/etc/racoon/raccon.conf
setkey -f ipsec.conf
ping -c 1 <ip_of_the_other_gw>
The ping will lead into a crash.
The crash dump looks like for th ping packet it
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
Hi,
I am trying to setup an IPSEC transport between a Windows 2000 box
and a FreeBSD server for a customer... Both systems are on live
public IP's and packets are not filtered by any intermediate systems
or firewalls/routers in between.
I have the following setup:
Windows 2000 box: 1.1.1.2
FreeBSD Server: 2.2.2.3
(The actual IP's have been changed to above to protect the innocent..)
2014 Jun 23
1
Re: [netcf]IFF_RUNNING flag on a bridge device
On 28.05.2014 15:27, Laine Stump wrote:
> On 05/27/2014 09:07 AM, Jianwei Hu wrote:
>> Hi All,
>>
>> I have one netcf question, please help me to resolve it, thanks.
>>
>> I can set a IFF_RUNNING flag to a bridge device which are no interface device attached. What status of a flag on a bridge device in current kernel?(w/o interface), is this a new change in kernel
2004 Jan 13
3
IPSEC btwn stable and Linksys BEFVP41 stopped working.
Hi,
I have been using IPsec to communicate between a laptop that tracks
-stable and a Linksys BEFVP41 router.
I only use it infrequently, but it's been working great. My setup is
as described in http://grapeape.alerce.com/linksys-ipsec/article.html
(which I am planning to submit to the handbook when it's done).
I'm no longer able to make an ipsec connection, and I can't put my
2005 Apr 21
1
Fwd: (KAME-snap 9012) racoon in the kame project
FYI, looks like support for Racoon is ending. Does anyone have any
experience with the version in ipsec-tools ?
---Mike
>Racoon users,
>
>This is the announcement that the kame project will quit providing
>a key management daemon, the racoon, and that "ipsec-tools" will become
>the formal team to release the racoon.
>The final release of the racoon in the
2019 Nov 11
13
[Bug 1381] New: Conntrackd segfaults when committing external caches
https://bugzilla.netfilter.org/show_bug.cgi?id=1381
Bug ID: 1381
Summary: Conntrackd segfaults when committing external caches
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: conntrack-daemon
2004 May 16
1
Way to ignore portaudit results?
Hello,
The mysql40-client port currently reports a security
problem when I try to install it:
neely:/usr/ports/databases/mysql40-client$ make
===> mysql-client-4.0.18_1 has known vulnerabilities:
>> MySQL insecure temporary file creation (mysqlbug).
Reference:
<http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>
>> Please update your ports
2004 May 03
1
Bad VuXML check on PNG port ?
Hello,
The current png-1.2.5_4 port has no more vulnerability.
It has been corrected by ache@FreeBSD.org yesterday.
But when i try to install the updated port to remplace
the vulnerable one this is what i am told :
# make install
===> png-1.2.5_4 has known vulnerabilities:
>> libpng denial-of-service.
Reference:
2007 May 24
2
OT: Racoon with virtual ip (roadwarrior client)
Hi all,
Somebody can explains me how can I configure ipsec-tools package to use
private virtual ip address as an openswan does or some doc/howto about it??
I have seen this howto, but doesn't works for me:
http://www.howtoforge.com/racoon_roadwarrior_vpn
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
2007 Mar 22
0
Racoon ERROR: Invalid CR type 0
SuSE10.2
Linux Kernel 2.6.18 Patched,
Whenever I try to establish a connection raccoon fails giving the
following error.
Raccoon config #################
remote 67.101.176.***
{
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
my_identifier address;
send_cr off;
send_cert off;
lifetime time 2 min;
2004 Apr 03
0
IPSec Racoon and Port Forwarding
Hello,
I have given myself quite the headache trying to make this VPN work correctly. I am attempting to use racoon to establish keys and construct an encrypted tunnel between one host(A.A.A.A) with a routable IP address and another that has a private address(10.0.0.2) with a cable modem(B.B.B.B) forwarding all ports to the private address(10.0.0.2). Here is a quick topographic dipiction of the
2006 Nov 20
2
which windows software can communicate with ipsec(racoon)?
I have tested cisco vpn software,found build the phase ONE successfully,but
phase two can't build up.
Anyone have advice??
2008 Jul 17
1
racoon and ipsec issues
I am attempting to create an ipsec tunnel between two CentOS 5.1
systems, network-to-network with two different 192.168.xxx.0/24
LAN segments. I have gone through the documentation on the
centos web site, and have the machines to the point where the
/var/log/messages show ``IPsec-SA established'' on both machines
after runnig ``ifup ipsec0'' (same ipsec0 on each machine).
IP