From owner-freebsd-current@FreeBSD.ORG Wed Jan 14 08:00:30 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B4C7C16A4CE for ; Wed, 14 Jan 2004 08:00:30 -0800 (PST) Received: from tilion.sgn.sca.se (tilion.sgn.sca.se [195.124.135.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id E676A43D5C for ; Wed, 14 Jan 2004 07:59:32 -0800 (PST) (envelope-from Enrico.Sessler@sca.com) Received: from de-raub-mail1.hygiene.sca.se (de-raub-mail1.hygiene.sca.se [10.80.8.81]) by tilion.sgn.sca.se (8.12.10/8.12.9) with ESMTP id i0EG1plr090697 for ; Wed, 14 Jan 2004 17:01:52 +0100 (CET) Received: by de-raub-mail1.hygiene.sca.se with Internet Mail Service (5.5.2657.72) id ; Wed, 14 Jan 2004 16:59:40 +0100 Message-ID: <9FCD15C952BD734DB8377A36E5032EF2F50E46@de-raub-mail1.hygiene.sca.se> From: "Sessler, Enrico" To: "'freebsd-current@freebsd.org'" Date: Wed, 14 Jan 2004 16:59:36 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-SGN-MailScanner-Information: Please contact helpdesk@sgn.sca.se for more information X-SGN-MailScanner: Found to be clean cc: "Sessler, Enrico" Subject: IPSEC with racoon on FreeBSD 5.2-CURRENT X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 16:00:30 -0000 Hello, have set up IPSEC VPN tunnels between FreeBSD 5.1-RELEASE boxes using racoon - no problem. A few days ago I installed 2 new servers with FreeBSD 5.2-CURRENT (compiled with IPSEC and IPFW options) and racoon with the same configuration. Now racoon stop after phase1. Below what it tells me in verbose mode (ip addresses forged). Any idea what can be the problem? Did anybody get IPSEC with racoon running on FreeBSD 5.2-CURRENT? ############################################################### Foreground mode. 2004-01-12 16:12:10: INFO: main.c:172:main(): @(#)package version freebsd-20030826a 2004-01-12 16:12:10: INFO: main.c:174:main(): @(#)internal version = 20001216 sakane@kame.net 2004-01-12 16:12:10: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/) 2004-01-12 16:12:10: WARNING: cftoken.l:514:yywarn(): /usr/local/etc/racoon/racoon.conf:54: "support_mip6" it is obsoleted. = use "support_proxy". 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): = fe80::1%lo0[500] used as isakmp port (fd=3D5) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): ::1[500] used = as isakmp port (fd=3D6) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] = used as isakmp port (fd=3D7) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): fe80::202:b3ff:fed9:b8fa%fxp0[500] used as isakmp port (fd=3D8) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): = 11.11.11.11[500] used as isakmp port (fd=3D9) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): fe80::20b:cdff:fe6d:2ae1%bge0[500] used as isakmp port (fd=3D10) 2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 10.113.2.2[500] = used as isakmp port (fd=3D11) 2004-01-12 16:12:14: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond = new phase 1 negotiation: 11.11.11.11[500]<=3D>22.22.22.22[500] 2004-01-12 16:12:14: INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Aggressive mode. 2004-01-12 16:12:14: NOTIFY: oakley.c:2040:oakley_skeyid(): couldn't = find the proper pskey, try to get one by the peer's address. 2004-01-12 16:12:14: INFO: isakmp.c:1703:isakmp_post_acquire(): request = for establishing IPsec-SA was queued due to no phase1 found. ################################################################# Mit freundlichen Gr=FCssen / Best regards Enrico Sessler=20 SGN - SCA Global Network Tel.: +49 (0) 8035 80-611 Mobile: +49 (0) 172 86 59 723 Fax: +49 (0) 8035 80-610 mailto:Enrico.Sessler@sca.com