From: Arne Schwabe
To: "cell"
cc: freebsd-current@freebsd.org
Subject: Re: ipsec and freebsd 5.3-beta
Date: Sat, 25 Sep 2004 15:20:03 +0200
Message-ID: <86oejuzdrw.fsf@kamino.rfc1149.org>
In-Reply-To: <003601c4a2ea$d660c690$0301a8c0@danielle> (bettan@nerim.net's message of "Sat, 25 Sep 2004 12:31:37 +0200")

"cell" writes:

> Hello, I tried to configure IPsec on my FreeBSD with racoon for a wifi
> connection with a laptop on Windows XP Home, but I have a problem. I have
> used this tutorial http://ezine.daemonnews.org/200401/wifi-ipsec.html and
> when I run racoon with "racoon -F -v" I get:
>
> # racoon -F -v
> Foreground mode.
> 2004-09-25 12:19:27: INFO: main.c:172:main(): @(#)package version freebsd-20040818a
> 2004-09-25 12:19:27: INFO: main.c:174:main(): @(#)internal version 20001216 sakane@kame.net
> 2004-09-25 12:19:27: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> 2004-09-25 12:19:27: WARNING: cftoken.l:514:yywarn(): /usr/local/etc/racoon/racoon.conf:66: "support_mip6" it is obsoleted. use "support_proxy".
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::2bd:fbff:fe03:1%tap1[500] used as isakmp port (fd=5)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::2bd:f7ff:fe03:0%tap0[500] used as isakmp port (fd=6)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 62.212.121.38[500] used as isakmp port (fd=7)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::20a:5eff:fe3e:ebf7%tun0[500] used as isakmp port (fd=8)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=9)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): ::1[500] used as isakmp port (fd=10)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=11)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::205:5dff:fea2:98ef%vr1[500] used as isakmp port (fd=12)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500] used as isakmp port (fd=13)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::205:5dff:fe64:5a87%vr0[500] used as isakmp port (fd=14)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 192.168.3.1[500] used as isakmp port (fd=15)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 2001:7a8:3d26::1[500] used as isakmp port (fd=16)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::20a:5eff:fe3e:ebf7%xl0[500] used as isakmp port (fd=17)
> 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 192.168.1.1[500] used as isakmp port (fd=18)
> 2004-09-25 12:20:07: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation: 192.168.3.1[500]<=>192.168.3.3[500]
> 2004-09-25 12:20:07: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Identity Protection mode.
> 2004-09-25 12:20:07: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: MS NT5 ISAKMPOAKLEY
> 2004-09-25 12:20:07: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1(): ID type mismatched.
> 2004-09-25 12:20:07: WARNING: ipsec_doi.c:3112:ipsecdoi_checkid1(): ID value mismatched.
> 2004-09-25 12:20:07: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 192.168.3.1[500]-192.168.3.3[500] spi:0ae2df7beb89619e:2202b5a1db9ba88a
> 2004-09-25 12:20:07: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.3.1[0]<=>192.168.3.3[0]
> 2004-09-25 12:20:07: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)
> 2004-09-25 12:20:07: ERROR: isakmp_quick.c:1615:quick_r3prep(): pfkey update failed.
> 2004-09-25 12:20:07: ERROR: isakmp.c:750:quick_main(): failed to process packet.
> 2004-09-25 12:20:07: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.

Look into the "Ipsec broken in 5.3" or something like this a few hours
ago. A temporary workaround is to set MSIZE=512 in your kernel config.

Arne