From owner-freebsd-net  Fri Nov  9 16:13:59 2001
Delivered-To: freebsd-net@freebsd.org
Received: from angui.sh (angui.sh [216.27.181.149])
	by hub.freebsd.org (Postfix) with ESMTP id 8D74F37B416
	for <freebsd-net@freebsd.org>; Fri,  9 Nov 2001 16:13:52 -0800 (PST)
Received: from localhost (wfroning@localhost)
	by angui.sh (8.11.6/8.11.4) with ESMTP id fAA0E8x52907;
	Fri, 9 Nov 2001 16:14:08 -0800 (PST)
	(envelope-from wfroning@angui.sh)
Date: Fri, 9 Nov 2001 16:14:08 -0800 (PST)
From: Will Froning <wfroning@angui.sh>
To: <freebsd-net@freebsd.org>
Cc: <wfroning@angui.sh>
Subject: IPSec w/SonicWall IKE
Message-ID: <20011109135801.X25048-100000@angui.sh>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

OS: FreeBSD4.3
Software: Racoon-20010322


I'm attempting to connect a FBSD4.3 box to a SonicWall VPN solution.  I
think I have everything configured correctly, but I keep getting this
error mesg and I'm unable to reach the IPs on the other end:

2001-11-09 13:56:51: INFO: isakmp.c:1618:isakmp_post_acquire(): request
for establishing IPsec-SA was queued due to no phase1 found.
2001-11-09 13:56:54: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend
phase1 packet 1b770e442d645209:0000000000000000

I can never seem to get the session working correctly.  If I'm not giving
the correct data, or not enough, please ask.  Please cc me on the reply as
I'm not on the list.

Thanks,
Will

Here is my config file for racoon.

/usr/local/etc/racoon/racoon.conf
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
log debug;
remote anonymous
{
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 1;
        lifetime time 12 hour;
        lifetime byte 50 MB;
        encryption_algorithm 3des,des,cast128,blowfish ;
        authentication_algorithm hmac_sha1,hmac_md5 ;
        compression_algorithm deflate ;
}

wfroning# setkey -DP
192.168.1.0/24[any] XXX.XXX.XXX.158[any] any
        in ipsec
        esp/tunnel/XXX.XXX.XXX.131-XXX.XXX.XXX.158/require
        spid=2 seq=1 pid=561
        refcnt=1
XXX.XXX.XXX.158[any] 192.168.1.0/24[any] any
        out ipsec
        esp/tunnel/XXX.XXX.XXX.158-XXX.XXX.XXX.131/require
        spid=1 seq=0 pid=561
        refcnt=1

-- 
Will Froning
Unix Sys. Admin.
wfroning@angui.sh



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message