Date: Fri, 3 Jan 2003 11:00:39 +1100 From: "Scott Penno" <scott.penno@gennex.com.au> To: <freebsd-questions@freebsd.org> Subject: Problems with IPSec Message-ID: <003c01c2b2bb$26770d00$0128a8c0@jupiter> References: <001f01c2b2bb$0bf04780$0128a8c0@jupiter>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all,
Wasn't sure where I should ask for help with this problem, so I'm starting
here. If there's a more appropriate place, please let me know.
I have a FreeBSD box running -STABLE which has had IPSec working with other
hosts for quite some time without a problem. I've just setup another
FreeBSD box running 5.0-RC1 and am trying to establish a VPN tunnel but am
not getting too far. I'm using racoon and when attempting the negotiation
with debugging enabled, the following message appears:
2003-01-20 12:00:23: ERROR: pfkey.c:207:pfkey_handler(): pfkey ADD failed:
Invalid argument
and the following message is logged via syslog:
Jan 20 12:00:23 atlas kernel: key_mature: invalid AH key length 160 (128-128
allowed)
The relevant section of racoon.conf which is identical on both boxes is:
sainfo anonymous
{
pfs_group 1;
lifetime time 86400 sec;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1 ;
compression_algorithm deflate ;
}
The box running -STABLE has been working fine with this configuration so I'm
assuming the problem is with the box running 5.0-RC1. Interestingly, I've
also tried using des as the encryption algorithm and hmac_md5 as the
authentication algorithm and I receive the following error message:
racoon: failed to parse configuration file.
If anyone has any suggestions for a fix, or how I go about further
diagnosing this problem, I'd love to hear from you.
Regards,
Scott.
PS: Please CC replies as I'm not subscribed to the list.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003c01c2b2bb$26770d00$0128a8c0>