From: George Hartzell
Date: Tue, 20 Jan 2004 10:43:25 -0800
To: hartzell@kestrel.alerce.com
cc: freebsd-security@freebsd.org
Subject: Re: IPSEC btwn stable and Linksys BEFVP41 stopped working.
Message-ID: <16397.30413.488274.236361@rosebud.alerce.com>
In-Reply-To: <16388.28960.595527.20394@rosebud.alerce.com>
References: <16388.28960.595527.20394@rosebud.alerce.com>

I have a bit more information, and a quick question.

I set up a 5.2 Release system, with a current copy of the racoon port,
and had exactly the symptoms that I've described in my previous post
(and excerpted below).

I'm not sure where to look next. Any suggestions?

And is -security the best list to discuss this, or should I try
-questions or -mobile?

g.

George Hartzell writes:
>
> Hi,
>
> I have been using IPsec to communicate between a laptop that tracks
> -stable and a Linksys BEFVP41 router.
>
> I only use it infrequently, but it's been working great. My setup is
> as described in http://grapeape.alerce.com/linksys-ipsec/article.html
> (which I am planning to submit to the handbook when it's done).
>
> I'm no longer able to make an ipsec connection, and I can't put my
> finger on anything that's changed. The most obvious candidate is the
> move from 4.8 to 4.9.
> [...]
>
> And when I have a ping running that should be going over the tunnel,
> the Linksys logs this:
>
> 2004-01-13 13:36:51 **IKE incoming packet dropped : unknown peer !
> 2004-01-13 13:36:51 Received: IP=64.1.164.95 I_Cookie=[3a 7d e0 36 00 b9 ca 1e ] R_Cookie=[00 00 00 00 00 00 00 00 ]
>
> All of the examples of packets w/ I_cookies I could find by googling
> also had values for the R_cookie field.....
>
> Does this ring any bells for anyone? Can someone point me in a useful
> direction?
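
The following is an added example, not part of the original message or of any Linksys or FreeBSD tooling: a small parser for the two Linksys log lines quoted above that pairs each drop reason with the peer address and ISAKMP cookies reported on the next line. The log layout is assumed from those two lines only, and the function names are hypothetical; per RFC 2408 the responder cookie is all zeros in the initiator's first message, which the parser reports as `first_message`.

```python
import re

# Log lines as quoted in the message above (Linksys BEFVP41 IKE log).
SAMPLE_LOG = """\
2004-01-13 13:36:51 **IKE incoming packet dropped : unknown peer !
2004-01-13 13:36:51 Received: IP=64.1.164.95 I_Cookie=[3a 7d e0 36 00 b9 ca 1e ] R_Cookie=[00 00 00 00 00 00 00 00 ]
"""

# Layout assumed from the two quoted lines; other firmware may differ.
DROP_RE = re.compile(r"^(\S+ \S+) \*\*IKE incoming packet dropped : (.+?) !\s*$")
RECV_RE = re.compile(
    r"^(\S+ \S+) Received: IP=(\S+) "
    r"I_Cookie=\[([0-9a-f ]+)\] R_Cookie=\[([0-9a-f ]+)\]\s*$"
)

def parse_cookie(text):
    """Turn '3a 7d e0 ...' into the 8 raw ISAKMP cookie bytes."""
    cookie = bytes.fromhex(text.replace(" ", ""))
    if len(cookie) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes, got %d" % len(cookie))
    return cookie

def summarize_drops(log_text):
    """Pair each 'dropped' line with the 'Received' line that follows it."""
    events, reason = [], None
    for line in log_text.splitlines():
        m = DROP_RE.match(line)
        if m:
            reason = m.group(2)
            continue
        m = RECV_RE.match(line)
        if m and reason is not None:
            r_cookie = parse_cookie(m.group(4))
            events.append({
                "time": m.group(1),
                "peer_ip": m.group(2),
                "reason": reason,
                "i_cookie": parse_cookie(m.group(3)).hex(),
                # RFC 2408: the responder cookie is zero only in the
                # initiator's first message of an exchange.
                "first_message": r_cookie == bytes(8),
            })
        reason = None  # a drop line only pairs with the very next line
    return events

if __name__ == "__main__":
    for event in summarize_drops(SAMPLE_LOG):
        print(event)
```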