Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Apr 2001 14:51:28 +0000
From:      Graham Wheeler <gram@cequrux.com>
To:        questions@freebsd.org
Subject:   IPsec kernel error: key_aquire2: invalid sequence number is passed
Message-ID:  <3AD5C0F0.6F9C5667@cequrux.com>

next in thread | raw e-mail | index | archive | help
Hi all

I am trying to get my laptop to communicate via IPsec with a remote LAN
which has a FreeBSD-based firewall with IPsec and racoon.

I have in the past had gateway-to-gateway tunnel-mode IPsec working, and
am essentially trying to replace the one gateway with a single host. I
have replaced the network addresses and masks for that side with a
32-bit mask/address which is the same as the gateway (laptop) address.

Things seem to progress reasonably far, at least to or possibly beyond
the point where the shared secret is checked, but I then see a kernel
message "key_aquire2: invalid sequence number is passed".

I'm not sure whether this is due to a misconfiguration on my part
(although my config files seem very straightforward), or whether it
could be an incompatibility between the two FreeBSD's IPsec versions.
The firewall is running FreeBSD 2.2.8 with one of the last 2.2.8
compatible KAME releases, while my laptop is running today's 4.2-S (or
4.3-CR).

Anyone have a better idea what the cause may be?

I'm hoping that I can get this working, and then add some kludges to
racoon to get it to create the SPD entries itself after key negotation,
so that I can eventually use tunnel mode with the laptop having a
dynamically assigned IP address. I kludged this some time back when the
laptop was running F-Secure's VPN client under MS-Windows, but racoon
has changed quite a bit since then and I need to make different changes
this time around it seems.

gram

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AD5C0F0.6F9C5667>