Date:      Fri, 15 Sep 2017 07:43:10 +0900 (JST)
From:      Koh-ichi Oniuda (鬼生田浩一) <oniuda@oni.gr.jp>
To:        freebsd-users-jp@freebsd.org
Subject:   [FreeBSD-users-jp 96119] Re: IPSec on FreeBSD 11.1-RELEASE-p1
Message-ID:  <20170915.074310.28917475783234883.oniuda@oni.gr.jp>
In-Reply-To: <20170912.114806.696099016890246140.oniuda@oni.gr.jp>
References:  <20170912.114806.696099016890246140.oniuda@oni.gr.jp>

Here is some additional information.

I tried IPsec key exchange among three FreeBSD boxes.
A.FreeBSD 11.1-RELEASE-p1+ports/ipsec-tools(ipsec-tools-0.8.2_2)
B.FreeBSD 11.1-RELEASE-p1+ports/ipsec-tools(ipsec-tools-0.8.2_2)
C.FreeBSD 9.3-STABLE+ports/ipsec-tools(ipsec-tools-0.8.1_4)

Between A <-> B, the result is as described in my first e-mail.
Between A <-> C, A shows the same symptom, but on C the SAD was displayed
normally. IPSec communication is not possible, though, because the key exchange fails on A.

Also, when A <-> B are connected with fixed keys and no key exchange (no racoon),
both the SAD and SPD are displayed normally and IPSec communication is established.

It seems to me that there is a problem between FreeBSD 11 and racoon.
I updated ports to the latest, but ipsec-tools still had the 8/4 timestamp.

Can IPSec communication be done without problems on FreeBSD 11 + ports/ipsec-tools?
A Google search does turn up examples with FreeBSD11+strongswan.

In <20170912.114806.696099016890246140.oniuda@oni.gr.jp>
 at Tue, 12 Sep 2017 11:48:06 +0900 (JST)
Re:[ [FreeBSD-users-jp 96112] IPSec on FreeBSD 11.1-RELEASE-p1 ]
 Koh-ichi Oniuda (鬼生田浩一) <oniuda@oni.gr.jp> wrote:
oniuda> This is Oniuda.
oniuda> 
oniuda> I installed /usr/ports/security/ipsec-tools on FreeBSD 11.1-RELEASE-p1
oniuda> and am trying to set up an IPSec VPN between two FreeBSD machines. I have
oniuda> been using ipsec-tools continuously from the FreeBSD4 days through FreeBSD9,
oniuda> but on FreeBSD11 it does not connect with a similar configuration.
oniuda> 
oniuda> The following error (pfkey UPDATE failed: No such process) is recorded
oniuda> in the racoon log.
oniuda> DEBUG: pk_recv: retry[0] recv()
oniuda> DEBUG: got pfkey UPDATE message
oniuda> ERROR: pfkey UPDATE failed: No such process
oniuda> DEBUG: pk_recv: retry[0] recv()
oniuda> DEBUG: got pfkey ADD message
oniuda> INFO: IPsec-SA established: ESP 192.168.16.3[500]->192.168.16.2[500] spi=40609554(0x26ba712)
oniuda> 
oniuda> Also, the following kernel messages are displayed.
oniuda> key_acqdone: ACQ 3802949569 is not found.key_acqdone: ACQ 528895646 is not found.key_update: invalid state.
oniuda> key_update: saidx mismatched for SPI 133341799key_add: invalid state.
oniuda> 
oniuda> On FreeBSD 9, the pfkey UPDATE failed: No such process error did not
oniuda> appear.
oniuda> 
oniuda> setkey on the server side, 192.168.16.3
oniuda> # setkey -D
oniuda> 192.168.16.3 192.168.16.2
oniuda>         esp mode=any spi=85290753(0x05156f01) reqid=0(0x00000000)
oniuda>         E: 3des-cbc  1aaa44a3 0895b138 999b20f7 09ba3b7d 55f47cf8 a573bfaa
oniuda>         A: hmac-sha1  2932e89a ca480ba0 87cabbaf 40a67c76 b5768e8c
oniuda>         seq=0x00000000 replay=4 flags=0x00000000 state=mature
oniuda>         created: Sep 12 11:39:02 2017   current: Sep 12 11:39:03 2017
oniuda>         diff: 1(s)      hard: 28800(s)  soft: 23040(s)
oniuda>         last:                           hard: 0(s)      soft: 0(s)
oniuda>         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
oniuda>         allocated: 0    hard: 0 soft: 0
oniuda>         sadb_seq=1 pid=9023 refcnt=1
oniuda> 192.168.16.2 192.168.16.3
oniuda>         esp mode=tunnel spi=109578375(0x06880887) reqid=0(0x00000000)
oniuda>         seq=0x00000000 replay=0 flags=0x00000000 state=larval
oniuda>         created: Sep 12 11:39:02 2017   current: Sep 12 11:39:03 2017
oniuda>         diff: 1(s)      hard: 0(s)      soft: 0(s)
oniuda>         last:                           hard: 0(s)      soft: 0(s)
oniuda>         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
oniuda>         allocated: 0    hard: 0 soft: 0
oniuda>         sadb_seq=0 pid=9023 refcnt=1
oniuda> 
oniuda> As shown, the SPI exchange appears to succeed, but the information on the
oniuda> 192.168.16.2 192.168.16.3 side is insufficient, and the result is:
oniuda> 
oniuda> 2017-09-12 11:39:33: ERROR: 192.168.16.2 give up to get IPsec-SA due to time up to wait.
oniuda> 
oniuda> The same symptom also seems to be reported at the following.
oniuda> https://groups.google.com/forum/#!topic/fido7.ru.unix.bsd/YhEK6_50fCs
oniuda> 
oniuda> If there is a workaround, please let me know.

---
Oniuda
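
An added example, not part of the original message or of ipsec-tools: a small Python parser for `setkey -D` output that lists SAs which are not `mature` or have no keys installed, the condition the quoted output shows for the entry from 192.168.16.2 to 192.168.16.3. The sample input is constructed from that output with key bytes zeroed and lifetime lines omitted; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the `setkey -D` output quoted above
# (key bytes replaced with zeros, lifetime lines omitted).
SAMPLE = """\
192.168.16.3 192.168.16.2
        esp mode=any spi=85290753(0x05156f01) reqid=0(0x00000000)
        E: 3des-cbc  00000000 00000000 00000000 00000000 00000000 00000000
        A: hmac-sha1  00000000 00000000 00000000 00000000 00000000
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
192.168.16.2 192.168.16.3
        esp mode=tunnel spi=109578375(0x06880887) reqid=0(0x00000000)
        seq=0x00000000 replay=0 flags=0x00000000 state=larval
"""

HEADER = re.compile(r"^(\S+) (\S+)$")            # unindented "src dst" line
PROTO = re.compile(r"^\s+(\w+) mode=(\w+) spi=\d+\((0x[0-9a-f]+)\)")
KEY = re.compile(r"^\s+([EA]): ")                # E: cipher key, A: auth key
STATE = re.compile(r"\bstate=(\w+)")


def parse_sad(text):
    """Parse `setkey -D` text into one dict per SA."""
    sas = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            sas.append({"src": m[1], "dst": m[2], "proto": None, "mode": None,
                        "spi": None, "state": None, "enc": False, "auth": False})
        elif not sas:
            continue                             # e.g. "No SAD entries."
        elif m := PROTO.match(line):
            sas[-1].update(proto=m[1], mode=m[2], spi=m[3])
        elif m := KEY.match(line):
            sas[-1]["enc" if m[1] == "E" else "auth"] = True
        elif m := STATE.search(line):
            sas[-1]["state"] = m[1]
    return sas


def incomplete_sas(sas):
    """Return SAs that are not mature or have no keys installed."""
    return [sa for sa in sas
            if sa["state"] != "mature" or not (sa["enc"] or sa["auth"])]


if __name__ == "__main__":
    for sa in incomplete_sas(parse_sad(SAMPLE)):
        print(sa["src"], "->", sa["dst"], sa["spi"], "state=" + str(sa["state"]))
```

On a live host the same functions can be fed the text of `setkey -D` read from standard input.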


