From owner-freebsd-security Wed Nov 21 22:36:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 7BBE737B416 for ; Wed, 21 Nov 2001 22:36:07 -0800 (PST) Received: from localhost ([3ffe:501:41c:2000:342f:cf8d:c16e:87e5]) by mine.kame.net (8.11.1/3.7W) with ESMTP id fAM6UT605265; Thu, 22 Nov 2001 15:30:29 +0900 (JST) To: freebsd-security-local@insignia.com Cc: freebsd-security@freebsd.org Subject: Re: KAME IPSec <->Redcreek In-Reply-To: Your message of "Wed, 21 Nov 2001 10:21:04 +0000" References: X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20011122153613U.sakane@kame.net> Date: Thu, 22 Nov 2001 15:36:13 +0900 From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 16 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I wonder anyone has had success talking to a RedCreek Ravlin > VPN gateway. I have some colleagues who are successfully using > freeswan, but I'm having none at all with racoon. > > A packet trace shows the initial packet going to port 500 of > the Ravlin, but no response. Unfortunately the Ravlin doesn't > syslog anything at all in this situation, so it's kind of > hard to debug! did you compare between the ravlin's configuration and racoon's one ? if there was a mismatch, the negotiation would fail. during the phase1 negotiation, sometime the node would discard siliently. there is a possibility that the ravlin requires the main mode of IKE. but according to your explanation, the packet might not reach the port 500 of the ravlin because there might be a packet filtering. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message