Date: Wed, 14 Jan 2004 16:59:36 +0100 From: "Sessler, Enrico" <Enrico.Sessler@sca.com> To: "'freebsd-current@freebsd.org'" <freebsd-current@freebsd.org> Cc: "Sessler, Enrico" <Enrico.Sessler@sca.com> Subject: IPSEC with racoon on FreeBSD 5.2-CURRENT Message-ID: <9FCD15C952BD734DB8377A36E5032EF2F50E46@de-raub-mail1.hygiene.sca.se>
next in thread | raw e-mail | index | archive | help
Hello, have set up IPSEC VPN tunnels between FreeBSD 5.1-RELEASE boxes using racoon - no problem. A few days ago I installed 2 new servers with FreeBSD 5.2-CURRENT (compiled with IPSEC and IPFW options) and racoon with the same configuration. Now racoon stop after phase1. Below what it tells me in verbose mode (ip addresses forged). Any idea what can be the problem? Did anybody get IPSEC with racoon running on FreeBSD 5.2-CURRENT? ############################################################### Foreground mode. 2004-01-12 16:12:10: INFO: main.c:172:main(): @(#)package version freebsd-20030826a 2004-01-12 16:12:10: INFO: main.c:174:main(): @(#)internal version = 20001216 sakane@kame.net 2004-01-12 16:12:10: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/) 2004-01-12 16:12:10: WARNING: cftoken.l:514:yywarn(): /usr/local/etc/racoon/racoon.conf:54: "support_mip6" it is obsoleted. = use "support_proxy". 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): = fe80::1%lo0[500] used as isakmp port (fd=3D5) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): ::1[500] used = as isakmp port (fd=3D6) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] = used as isakmp port (fd=3D7) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): fe80::202:b3ff:fed9:b8fa%fxp0[500] used as isakmp port (fd=3D8) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): = 11.11.11.11[500] used as isakmp port (fd=3D9) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): fe80::20b:cdff:fe6d:2ae1%bge0[500] used as isakmp port (fd=3D10) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 10.113.2.2[500] = used as isakmp port (fd=3D11) 2004-01-12 16:12:14: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond = new phase 1 negotiation: 11.11.11.11[500]<=3D>22.22.22.22[500] 2004-01-12 16:12:14: INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Aggressive mode. 2004-01-12 16:12:14: NOTIFY: oakley.c:2040:oakley_skeyid(): couldn't = find the proper pskey, try to get one by the peer's address. 2004-01-12 16:12:14: INFO: isakmp.c:1703:isakmp_post_acquire(): request = for establishing IPsec-SA was queued due to no phase1 found. ################################################################# Mit freundlichen Gr=FCssen / Best regards Enrico Sessler=20 SGN - SCA Global Network Tel.: +49 (0) 8035 80-611 Mobile: +49 (0) 172 86 59 723 Fax: +49 (0) 8035 80-610 mailto:Enrico.Sessler@sca.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9FCD15C952BD734DB8377A36E5032EF2F50E46>