From owner-freebsd-security  Mon Dec 10  8:37:38 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mine.kame.net (kame195.kame.net [203.178.141.195])
	by hub.freebsd.org (Postfix) with ESMTP id 8690837B405
	for <freebsd-security@freebsd.org>; Mon, 10 Dec 2001 08:37:34 -0800 (PST)
Received: from localhost ([3ffe:507:1ff:2:c1a6:e2f0:1f5d:9f7c])
	by mine.kame.net (8.11.1/3.7W) with ESMTP id fBAGViS25530;
	Tue, 11 Dec 2001 01:31:44 +0900 (JST)
To: freebsd-security-local@insignia.com
Cc: freebsd-security@freebsd.org
Subject: Re: Racoon <> VPN Gateway
In-Reply-To: Your message of "Fri, 07 Dec 2001 09:57:06 +0000"
	<c7411ug95bmgi7f2vqok8aja61k3h0j08f@4ax.com>
References: <c7411ug95bmgi7f2vqok8aja61k3h0j08f@4ax.com>
X-Mailer: Cue version 0.6 (011026-1440/sakane)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Message-Id: <20011211013724G.sakane@kame.net>
Date: Tue, 11 Dec 2001 01:37:24 +0900
From: Shoichi Sakane <sakane@kame.net>
X-Dispatcher: imput version 20000228(IM140)
Lines: 23
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> I've now got further trying to get racoon talking to a Redcreek
> Ravlin10 VPN gateway, once I realised the gif device is needed
> for tunnel mode. It actually replies to me, though the reply
> isn't what racoon seems to expect.

basically you don't need the gif device configuration when you want
to use IPsec tunnel mode.

> I'm trying to establish an ESP tunnel mode connection between
> 213.208.123.252 (racoon) and 195.74.141.60 (Ravlin).

> Racoon says:
> >2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received or the spi expired.

did you see other error message before this message ?
i think this session failed due to some reasons, so racoon could not
process this session any more.

> whereas the Ravlin says:
> >Dec  6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT)  Received ISAKMP initialization request. Peer:  (213.208.123.252)
> >Dec  6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT)  Invalid payload. Possible overrun attack!  ()

i'm not sure the meaning of above two messages.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message