From owner-freebsd-stable  Fri May  3 20:47:15 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from leviathan.inethouston.net (leviathan.inethouston.net [66.64.12.249])
	by hub.freebsd.org (Postfix) with ESMTP
	id 70CF437B404; Fri,  3 May 2002 20:47:12 -0700 (PDT)
Received: from dwcjr (unknown [192.168.0.248])
	by leviathan.inethouston.net (Postfix) with ESMTP
	id 10CBB31992E; Fri,  3 May 2002 22:47:13 -0500 (CDT)
Message-ID: <000701c1f31e$5f869af0$f800a8c0@dwcjr>
From: "David W. Chapman Jr." <dwcjr@inethouston.net>
To: "David Kelly" <dkelly@hiwaay.net>
Cc: <freebsd-stable@freebsd.org>, <sumikawa@freebsd.org>
References: <200205040258.g442w24I039100@grumpy.dyndns.org>
Subject: Re: port/racoon broken 
Date: Fri, 3 May 2002 22:47:11 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

> "David W. Chapman Jr." writes:
> > On Fri, May 03, 2002 at 12:26:30PM -0500, David Kelly wrote:
> > >
> > > May  3 03:09:44 Frisket /kernel: IPv4 ESP input: no key association
found for spi 37447490
> >
> > I'm having the same problem, I tried to get two sites with ipsec and
> > racoon to talk and they just wouldn't.  My screen showed the same
> > thing
>
> Am concerned a bit about this because my two ends *are* talking to each
> other with the new racoon. The link didn't come up until I started the
> 2nd racoon, so I feel like the racoons have done their thing. Or am I
> wrong? I know the link is speaking ESP because that and port 500 UDP is
> the only path thru my ipfw's.

ESP encrypts the packets, so if you were to tcpdump it you would only see
layer 3(tcpdump formats it nice).  The actual connect that's encrypted
doesn't speak over port 500.  IT appears as if yours is working though.  I
and a few other people cannot get as far as you though.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message