Date:      Tue, 10 Oct 2000 20:03:21 +0400
From:      "Igor" <igorp@mail.rbc.ru>
To:        <freebsd-security@freebsd.org>
Subject:   racoon problem
Message-ID:  <00b301c032d3$9cd97880$1aa7dac3@krovatka.ru>


[-- Attachment #1 --]
I configured IPsec and racoon as follows:

#ipsec.conf
# Security policy database (SPD) entries loaded with setkey(8).
# Each spdadd names source, destination, upper-layer protocol ("any"),
# a direction (-P out / -P in) and the IPsec rule to apply.
# "esp/transport/<src>-<dst>/require" means traffic matching the policy
# must be protected by ESP in transport mode; with level "require" the
# traffic is not passed unless a matching SA exists, so a failed IKE
# negotiation blocks traffic between the two hosts.
# 1.1.1.1 and 2.2.2.2 are presumably placeholders for the real endpoints.
spdadd 1.1.1.1 2.2.2.2 any -P out ipsec
        esp/transport/1.1.1.1-2.2.2.2/require ;
# Mirror policy for the inbound direction.
spdadd 2.2.2.2 1.1.1.1 any -P in ipsec
        esp/transport/2.2.2.2-1.1.1.1/require ;

setkey -f ipsec.conf
 

#racoon.conf
# IKE daemon configuration: one catch-all phase 1 section ("remote
# anonymous") and one catch-all phase 2 section ("sainfo anonymous").

# Pre-shared key file, here given as a relative path. The file holds
# secrets in clear text, so keep it readable by root only.
path pre_shared_key "psk" ;
# Highest debug verbosity, useful while troubleshooting. NOTE(review):
# debug output may include negotiation detail; lower it once the setup
# works and keep the log file private.
log debug4;
# "anonymous" applies to every peer that has no remote section of its own.
remote anonymous
{
        # The first mode listed is the one used when this host initiates;
        # all listed modes are accepted when responding. With pre-shared
        # keys, aggressive mode sends the authentication hash before the
        # peer is authenticated, which allows offline guessing of the
        # key. Listing "main" first avoids that when initiating.
        exchange_mode aggressive,main,base;
        # Identify this host by its IP address in phase 1.
        identifier address;
        # As responder, accept the initiator's lifetime and PFS values
        # instead of checking them against the local ones.
        proposal_check obey;
        lifetime time 24 hour ; # sec,min,hour
        lifetime byte 100 MB ;  # B,KB,GB
        # phase 1 proposal (for ISAKMP SA)
        proposal {
                # Single DES has a 56-bit key and is within reach of
                # brute force; prefer 3des or a stronger cipher that
                # both peers support.
                encryption_algorithm des ;
                hash_algorithm sha1;
                # Authentication depends entirely on the strength of
                # the shared secret in the psk file.
                authentication_method pre_shared_key ;
                # Group 2 is the 1024-bit MODP Diffie-Hellman group.
                dh_group 2;
        }
}
# phase 2 proposal (for IPsec SA)
# "anonymous" applies to every phase 2 negotiation that has no more
# specific sainfo section.
sainfo anonymous
{
        # Perform a fresh Diffie-Hellman exchange (group 2) for each
        # IPsec SA, giving perfect forward secrecy for phase 2 keys.
        pfs_group 2;
        lifetime time 12 hour ;
        lifetime byte 50 MB ;
        # Same weakness as in phase 1: single DES protects the traffic.
        encryption_algorithm des ;
        # ESP authentication candidates, offered in this order.
        authentication_algorithm hmac_md5, hmac_sha1 ;
        compression_algorithm deflate ;
}
 
racoon -f racoon.conf

#psk
# Pre-shared key file: one peer per line, address then shared secret.
# "12345678" is trivially guessable; combined with aggressive mode it
# can be recovered by offline guessing. Use a long random secret and
# keep this file readable by root only.
# The addresses are presumably placeholders for the real peers.
1.1.1.1          12345678
2.2.2.2          12345678

 
During phase 2, racoon logs:
00-10-04 16:22:05: pfkey.c:193:pfkey_handler(): get pfkey ADD message
2000-10-04 16:22:05: pfkey.c:209:pfkey_handler(): pfkey ADD failed Invalid argument
 
I think the key (password) for encrypting packets should already be established at this point.
What is wrong?
 
 
 

[-- Attachment #2 --]
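<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="generator" content="MSHTML 5.00.3103.1000">
  <title>racoon problem</title>
</head>
<body>
  <!--
    HTML alternative part of the same message. The wording and the
    configuration are the poster's own and are reproduced unchanged;
    only the markup was cleaned up (mis-nested DIV/FONT pairs, deprecated
    FONT and bgColor, unquoted attributes, missing title and lang).
    The configuration is shown as posted and is not a recommended setup:
    it uses single DES, lists aggressive mode first together with a
    pre-shared key, and the example key is trivially guessable.
  -->
  <p>i configure ipsec and racoon</p>

  <pre>#ipsec.conf
spdadd 1.1.1.1 2.2.2.2 any -P out ipsec
        esp/transport/1.1.1.1-2.2.2.2/require ;
spdadd 2.2.2.2 1.1.1.1 any -P in ipsec
        esp/transport/2.2.2.2-1.1.1.1/require ;</pre>

  <pre>setkey -f ipsec.conf</pre>

  <pre>#racoon.conf
path pre_shared_key "psk" ;
log debug4;
remote anonymous
{
        exchange_mode aggressive,main,base;
        identifier address;
        proposal_check obey;
        lifetime time 24 hour ; # sec,min,hour
        lifetime byte 100 MB ;  # B,KB,GB
        # phase 1 proposal (for ISAKMP SA)
        proposal {
                encryption_algorithm des ;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2;
        }
}
# phase 2 proposal (for IPsec SA)
sainfo anonymous
{
        pfs_group 2;
        lifetime time 12 hour ;
        lifetime byte 50 MB ;
        encryption_algorithm des ;
        authentication_algorithm hmac_md5, hmac_sha1 ;
        compression_algorithm deflate ;
}</pre>

  <pre>racoon -f racoon.conf</pre>

  <pre>#psk
1.1.1.1          12345678
2.2.2.2          12345678</pre>

  <p>on phase 2</p>
  <pre>00-10-04 16:22:05: pfkey.c:193:pfkey_handler(): get pfkey ADD message
2000-10-04 16:22:05: pfkey.c:209:pfkey_handler(): pfkey ADD failed Invalid argument</pre>

  <p>I think the password for crypt packets at this time is must be established</p>
  <p>what is wrong ?</p>
</body>
</html>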
