From owner-freebsd-questions  Thu Oct 31  2:44:47 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id C21CA37B401; Thu, 31 Oct 2002 02:44:44 -0800 (PST)
Received: from ns.gddsn.org.cn (ns.gddsn.org.cn [210.21.6.33])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1355743E4A; Thu, 31 Oct 2002 02:44:44 -0800 (PST)
	(envelope-from wsk@ns.gddsn.org.cn)
Received: from mail.gddsn.org.cn (wsk [192.168.168.136])
	by ns.gddsn.org.cn (Postfix) with ESMTP
	id 77C4638CCDA; Thu, 31 Oct 2002 18:44:29 +0800 (CST)
Message-ID: <3DC1098D.3060704@mail.gddsn.org.cn>
Date: Thu, 31 Oct 2002 18:44:29 +0800
From: suken woo <wsk@mail.gddsn.org.cn>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.1) Gecko/20021007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-security@freebsd.org,
	freebsd-questions <freebsd-questions@freebsd.org>,
	freebsd-stable@freebsd.org
Subject: why my kernel log always said: /kernel: IPv4 ESP input: no key association
 found for spi xxxxxx
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

running racoon&ipsec on my FBSD4.6-STABLE.the kernel log always sai
/kernel: IPv4 ESP input: no key association found for spi
and the worsed problem is that :
    sometime my box can not connect to the other peers for long time before
 restart racoon. especially, if two peers restart racoon on same time , 
It would
connected soon? what's the problem?
any help with appreciates:
PS: here's my racoon.conf

log notify;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

listen{
    isakmp xxx.xxx.xxx.xxx [500];
}

remote anonymous
{
    #exchange_mode main,aggressive;
    exchange_mode aggressive,main;
    doi ipsec_doi;
    situation identity_only;
    nonce_size 16;
    lifetime time 2 hour;    # sec,min,hour
    initial_contact on;
    support_mip6 on;
    proposal_check obey;    # obey, strict or claim

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}

sainfo anonymous
{
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des ;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate ;
}


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message