Date:      Thu, 8 Dec 2005 07:49:35 +0000 (GMT)
From:      priya yelgar <yelgar_priya@yahoo.co.in>
To:        freebsd-ports@freebsd.org
Subject:   racoon with freebsd-4.11 crashes
Message-ID:  <20051208074935.95671.qmail@web8507.mail.in.yahoo.com>

Hi

Running racoon on a FreeBSD-4.11 machine gives a
kernel panic.

I am using the racoon from the ports directory
'/usr/ports/security/racoon/' which comes with the
FreeBSD installation. It installed racoon in
'/usr/local/sbin/racoon'.

Steps followed are as shown below:

        racoon -f /usr/local/etc/racoon/raccon.conf
        setkey -f ipsec.conf

        ping -c 1 <ip_of_the_other_gw>

A ping of one packet leads to a kernel panic.

To apply the outbound SA to the ping packet it is
going into "key_checkrequest" in the key.c file and crashing
there.

As far as I know, "key_checkrequest" is used to apply an
existing SA to an outgoing packet.

But in case of racoon the first ping packet is used
for negotiation with other gateway to establish the
SA.

I do not understand why it is going into
key_checkrequest and crashing.

Please, can anyone who has used racoon with FreeBSD-4.11
guide me if I am doing something wrong. The config
file is given below.

I have compiled the kernel with the IPSEC, IPSEC_ESP
options.

I am using a preshared key file.

My configuration file is given below:

#!/usr/local/bin/racoon

# CONFIGURATION FILE FOR 192.168.190.44

path include "/root";

path pre_shared_key "/root/psk.txt";
log debug2;

padding {
	maximum_length 20;
	randomize off;
	strict_check off;
	exclusive_tail off;
}

listen {
	isakmp 192.168.190.43 [500];
}

timer {
	counter 5;
	interval 20 sec;
	persend 1;
	phase1 30 sec;
	phase2 15 sec;
}

remote 192.168.190.43 {
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;

	my_identifier address 192.168.190.44;
	peers_identifier address 192.168.190.43;
	lifetime time 24 hour;
	nonce_size 16;
	initial_contact on;
	proposal_check obey;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 1;
	}
}

sainfo address 192.168.190.44 any address 192.168.190.43 any
{
	pfs_group 1;
	lifetime time 2 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}


Thanks in advance
Priya



		