From owner-freebsd-security Thu Sep 6 7:38:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 6FF8237B403 for ; Thu, 6 Sep 2001 07:38:09 -0700 (PDT) Received: from cairo.anu.edu.au (localhost [127.0.0.1]) by cairo.anu.edu.au (8.12.0.Beta16/8.12.0.Beta16) with ESMTP id f86Ec3r7020427; Fri, 7 Sep 2001 00:38:03 +1000 (EST) Received: (from avalon@localhost) by cairo.anu.edu.au (8.12.0.Beta16/8.12.0.Beta16) id f86Ec2Mq020422; Fri, 7 Sep 2001 00:38:02 +1000 (EST) From: Darren Reed Message-Id: <200109061438.f86Ec2Mq020422@cairo.anu.edu.au> Subject: Re: Racoon IPSEC issues To: anderson@centtech.com Date: Fri, 7 Sep 2001 00:38:02 +1000 (Australia/NSW) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <3B978211.EB11940E@centtech.com> from "Eric Anderson" at Sep 06, 2001 09:02:57 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In some mail from Eric Anderson, sie said: [...] > 2001-09-06 08:51:55: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde > new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0] > 2001-09-06 08:51:55: ERROR: proposal.c:951:set_proposal_from_policy(): > not supported nested SA. Ignore. > 2001-09-06 08:51:55: ERROR: proposal.c:999:set_proposal_from_policy(): > There is a difference between the in/out bound policies. Those last messages might give you a hint. What does your racoon.conf & setkey's look like for the tunnels which do work and those that don't ? Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message