Date: Thu, 24 Sep 2015 12:19:05 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 203308] wildcard patch in ipsec-tools breaks aggressive tunnels
Message-ID: <bug-203308-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203308

Bug ID: 203308
Summary: wildcard patch in ipsec-tools breaks aggressive tunnels
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: andywhite@gmail.com

See Bug 196930.

The wildcard patch (required for l2tp etc.) breaks aggressive mode tunnels.
Changing the tunnels to main mode resolves the problem.

With patch applied but no wildcard in the psk file:

racoon: INFO: IPsec-SA request for X.X.255.179 queued due to no phase1 found.
racoon: INFO: initiate new phase 1 negotiation: X.X.255.182[500]<=>X.X.255.179[500]
racoon: INFO: begin Aggressive mode.
racoon: INFO: received Vendor ID: RFC 3947
racoon: INFO: received Vendor ID: DPD
racoon: [X.X.255.179] INFO: Selected NAT-T version: RFC 3947
racoon: [X.X.255.182] INFO: Hashing X.X.255.182[500] with algo #2
racoon: INFO: NAT-D payload #-1 verified
racoon: [X.X.255.179] INFO: Hashing X.X.255.179[500] with algo #2
racoon: INFO: NAT-D payload #0 verified
racoon: INFO: NAT not detected
racoon: [X.X.255.179] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
racoon: INFO: Adding remote and local NAT-D payloads.
racoon: [X.X.255.179] INFO: Hashing X.X.255.179[500] with algo #2
racoon: [X.X.255.182] INFO: Hashing X.X.255.182[500] with algo #2
racoon: INFO: ISAKMP-SA established X.X.255.182[500]-X.X.255.179[500] spi:78e9f4efeaccc1a8:949caf456c915321
racoon: INFO: initiate new phase 2 negotiation: X.X.255.182[500]<=>X.X.255.179[500]
racoon: INFO: IPsec-SA established: ESP/Tunnel X.X.255.182[500]->X.X.255.179[500] spi=43872531(0x29d7113)
racoon: INFO: IPsec-SA established: ESP/Tunnel X.X.255.182[500]->X.X.255.179[500] spi=19415386(0x128415a)

Adding a wildcard to the psk, no other configuration change:

racoon: INFO: IPsec-SA request for X.X.255.179 queued due to no phase1 found.
racoon: INFO: initiate new phase 1 negotiation: X.X.255.182[500]<=>X.X.255.179[500]
racoon: INFO: begin Aggressive mode.
racoon: INFO: received Vendor ID: RFC 3947
racoon: INFO: received Vendor ID: DPD
racoon: [X.X.255.179] INFO: Selected NAT-T version: RFC 3947
racoon: [X.X.255.182] INFO: Hashing X.X.255.182[500] with algo #2
racoon: INFO: NAT-D payload #-1 verified
racoon: [X.X.255.179] INFO: Hashing X.X.255.179[500] with algo #2
racoon: INFO: NAT-D payload #0 verified
racoon: INFO: NAT not detected
racoon: ERROR: HASH mismatched

--
You are receiving this mail because:
You are the assignee for the bug.
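
Added example, not part of the original report or of ipsec-tools: a Python triage helper that reads racoon log text like the two traces above and reports, for each phase 1 negotiation, the mode, whether the address-based PSK lookup notice was logged, and the outcome. The function and field names are assumptions, and the sample lines are reduced from the report's traces.

```python
import re

# Constructed samples: a subset of the racoon messages quoted in the report.
WITHOUT_WILDCARD = """\
racoon: INFO: initiate new phase 1 negotiation: X.X.255.182[500]<=>X.X.255.179[500]
racoon: INFO: begin Aggressive mode.
racoon: [X.X.255.179] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
racoon: INFO: ISAKMP-SA established X.X.255.182[500]-X.X.255.179[500] spi:78e9f4efeaccc1a8:949caf456c915321
"""
WITH_WILDCARD = """\
racoon: INFO: initiate new phase 1 negotiation: X.X.255.182[500]<=>X.X.255.179[500]
racoon: INFO: begin Aggressive mode.
racoon: INFO: NAT not detected
racoon: ERROR: HASH mismatched
"""

START = re.compile(r"initiate new phase 1 negotiation: (\S+)<=>(\S+)")
MODE = re.compile(r"begin (\w+) mode")


def phase1_outcomes(log_text):
    """Return one dict per phase 1 negotiation found in racoon log text."""
    results, cur = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:  # a new negotiation starts; later lines belong to it
            cur = {"local": m.group(1), "peer": m.group(2), "mode": None,
                   "address_psk_notice": False, "outcome": "incomplete"}
            results.append(cur)
            continue
        if cur is None:
            continue  # ignore lines before the first negotiation
        m = MODE.search(line)
        if m:
            cur["mode"] = m.group(1).lower()
        elif "couldn't find the proper pskey" in line:
            cur["address_psk_notice"] = True  # NOTIFY seen in the working trace
        elif "ISAKMP-SA established" in line:
            cur["outcome"] = "established"
        elif "HASH mismatched" in line:
            cur["outcome"] = "hash mismatch"
    return results


if __name__ == "__main__":
    for name, text in (("no wildcard", WITHOUT_WILDCARD), ("wildcard", WITH_WILDCARD)):
        for n in phase1_outcomes(text):
            print(name, n["peer"], n["mode"], n["address_psk_notice"], n["outcome"])
```
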