From: "aditya kiran"
To: freebsd-net@freebsd.org
Date: Tue, 21 Aug 2007 00:01:00 +0530
Message-ID: <994cd1cf0708201131k58a7cbbdh531638ccc925854a@mail.gmail.com>
Subject: Racoon and per-socket based IPSec - Doesnt seem to be working!
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I need some help with IPsec configuration. I was trying to use per-socket based IPsec with racoon. I have used setsockopt to set the IPsec policy on the socket. Then I started racoon with the default configuration of remote and sainfo being anonymous.

Now when I try to send out some ICMP packets, racoon gets a notification for key-acquire; however, racoon seems to be checking the policy id in its database and couldn't find one, so it has thrown an error saying no spdid found!! And it hasn't initiated any key negotiations.

Is this expected? racoon doesn't work with per-socket based IPsec? If that's the case, how will the SA entry in the security policy in the socket get filled? Or do I need to use setkey to add an SPD even if I use per-socket based IPsec?

Can somebody please help me in understanding this?

Thanks,
Adityaa