Date: Sat, 2 Feb 2002 16:48:18 -0800 (PST)
From: Frank Drebin <frank@mini.chicago.com>
To: freebsd-security@freebsd.org
Subject: Racoon/sainfo - 'no policy found'
Message-ID: <200202030048.QAA49670@mini.chicago.com>

I'm trying to get working a 'standard' vpn setup. That is, I have a FreeBSD (4.2) machine running NAT, IPFilter, IPSec, Racoon (version 20011215a) among other things. I want to connect to it using Windows 98 and PGPNet (I've tried 6.5.8 and 7.0.3) over the internet. No matter what I do, I get 'no policy found' followed by 'failed to get proposal for responder'.

I should point out that I *HAVE* gotten this whole thing to work when I replaced the '98 side with another FBSD machine (4.4) running racoon (same version) along with all the other appropriate pieces.

I've attached a section of the log file generated when trying to connect from '98. My racoon.conf is just a copy of the one that comes with the distribution. It works for FBSD<->FBSD, why doesn't it work with PGPNet?

Oh, and in searching through the mailing lists I came across a patch someone suggested for something similar. I tried that too - no joy.

Any help, suggestions, etc. would be greatly appreciated!

Thanks

-------------
. . .
2002-01-31 17:18:45: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed:
2002-01-31 17:18:45: DEBUG: plog.c:193:plogdump(): 79d4fa1b 6c2b6af5 91173e15 f7f8729f 6215747a
2002-01-31 17:18:45: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous
. . .
2002-01-31 17:18:45: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1907:get_proposal_r(): get a destination address of SP index from phase1 address due to no ID payloads found OR because ID type is not address.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1968:get_proposal_r(): get a source address of SP index from phase1 address due to no ID payloads found OR because ID type is not address.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src address from ID payload WINDOWS-EXTERNAL[0] prefixlen=32 ul_proto=0
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst address from ID payload FBSD-EXTERNAL[0] prefixlen=32 ul_proto=0
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3a08: WINDOWS-INTERNAL[0] FBSD-INTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff6b0 masked with /24: WINDOWS-EXTERNAL/24[0]
2002-01-31 17:18:45: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3a08 masked with /24: WINDOWS-INTERNAL/24[0]
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3e08: FBSD-INTERNAL/24[0] WINDOWS-INTERNAL/24[0] proto=any dir=out
2002-01-31 17:18:45: ERROR: isakmp_quick.c:2028:get_proposal_r(): no policy found: WINDOWS-EXTERNAL[0] UNIX-EXTERNAL/32[0] proto=any dir=in
2002-01-31 17:18:45: ERROR: isakmp_quick.c:1069:quick_r1recv(): failed to get proposal for responder.
2002-01-31 17:18:45: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet.
. . .
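Added example (not part of the original message): a small Python reader for the cmpspidxwild() debug lines in the log above, listing which fields of each SPD entry differ from the selector racoon built from the peer's phase 2 IDs. The function names are hypothetical, and because the post uses placeholder names instead of addresses, the comparison is by name only and does not reproduce racoon's prefix masking.

```python
import re

# Constructed sample: the policy-lookup lines from the log in the post
# (WINDOWS-*/FBSD-* are the poster's placeholders for real addresses).
SAMPLE_LOG = """\
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3a08: WINDOWS-INTERNAL[0] FBSD-INTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3e08: FBSD-INTERNAL/24[0] WINDOWS-INTERNAL/24[0] proto=any dir=out
2002-01-31 17:18:45: ERROR: isakmp_quick.c:2028:get_proposal_r(): no policy found: WINDOWS-EXTERNAL[0] UNIX-EXTERNAL/32[0] proto=any dir=in
"""

# "sub" is the selector built from the peer's phase 2 ID payloads;
# "db" is an SPD entry it was compared against.
SPIDX = re.compile(r"cmpspidxwild\(\): (sub|db):\s*0x[0-9a-f]+: "
                   r"(\S+) (\S+) proto=\S+ dir=(\w+)")
NO_POLICY = re.compile(r"ERROR: \S+get_proposal_r\(\): no policy found")

def bare(selector):
    """Drop the '/prefixlen' and '[port]' suffixes, e.g. 'X/24[0]' -> 'X'."""
    return re.sub(r"(/\d+)?\[\d+\]$", "", selector)

def explain_no_policy(log_text):
    """Return one report per 'no policy found' error: the requested selector
    and, for each SPD entry tried before it, the fields that differ."""
    reports, requested, tried = [], None, []
    for line in log_text.splitlines():
        m = SPIDX.search(line)
        if m:
            kind, src, dst, direction = m.groups()
            entry = (bare(src), bare(dst), direction)
            if kind == "sub":
                requested = entry
            elif requested is not None:
                diff = [name for name, a, b in
                        zip(("src", "dst", "dir"), requested, entry) if a != b]
                tried.append((entry, diff))
        elif NO_POLICY.search(line):
            reports.append({"requested": requested, "tried": tried})
            requested, tried = None, []
    return reports

if __name__ == "__main__":
    for r in explain_no_policy(SAMPLE_LOG):
        print("peer asked for:", r["requested"])
        for entry, diff in r["tried"]:
            print("  SPD entry", entry, "differs in", ", ".join(diff))
```

On the sample lines, both SPD entries differ from the requested selector in source and destination, and the second also in direction.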