From: priya yelgar
To: freebsd-security@freebsd.org
Date: Wed, 7 Dec 2005 14:21:48 +0000 (GMT)
Subject: racoon with freebsd-4.11 crashes
Message-ID: <20051207142148.84069.qmail@web8512.mail.in.yahoo.com>

Hi,

Running racoon on a FreeBSD-4.11 machine gives a kernel panic. I am using the racoon from the ports directory which comes with the FreeBSD installation.

The steps followed are as shown below:

    racoon -f /usr/local/etc/racoon/raccon.conf
    setkey -f ipsec.conf
    ping -c 1

The ping leads to a crash. From the crash dump, it looks like it is going to apply an SA for the ping packet. It goes into "key_checkrequest" in the key.c file and crashes there. As far as I know, "key_checkrequest" is used to apply an existing SA to an outgoing packet. But in the case of racoon, the first ping packet is used for negotiation with the other gateway to establish the SA. I do not understand why it is going into key_checkrequest and crashing.

Could anyone who has used racoon with FreeBSD-4.11 please guide me if I am doing something wrong? The config file is given below. I have compiled the kernel with the IPSEC and IPSEC_ESP options. I am using a preshared key file.

My configuration file is given below:

    #!/usr/local/bin/racoon
    # CONFIGURATION FILE FOR 192.168.190.44

    path include "/root";
    path pre_shared_key "/root/psk.txt";
    log debug2;

    padding
    {
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
    }

    listen
    {
        isakmp 192.168.190.43 [500];
    }

    timer
    {
        counter 5;
        interval 20 sec;
        persend 1;
        phase1 30 sec;
        phase2 15 sec;
    }

    remote 192.168.190.43
    {
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;
        my_identifier address 192.168.190.44;
        peers_identifier address 192.168.190.43;
        lifetime time 24 hour;
        nonce_size 16;
        initial_contact on;
        proposal_check obey;

        proposal
        {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group 1;
        }
    }

    sainfo address 192.168.190.44 any address 192.168.190.43 any
    {
        pfs_group 1;
        lifetime time 2 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
    }

Thanks in advance,
Priya