From: freebsd-security-local@insignia.com
To: freebsd-security@freebsd.org
Subject: Racoon <> VPN Gateway
Date: Fri, 07 Dec 2001 09:57:06 +0000

I've now got further trying to get racoon talking to a Redcreek Ravlin10 VPN gateway, once I realised the gif device is needed for tunnel mode. It actually replies to me, though the reply isn't what racoon seems to expect.

I'm trying to establish an ESP tunnel mode connection between 213.208.123.252 (racoon) and 195.74.141.60 (Ravlin).

Racoon says:

>2001-12-06 20:44:02: DEBUG: plog.c:193:plogdump():
>570f2123 9cb90864 e32f2052 6e2fe2bd 04100200 00000000 000000b8 0a000084
>1d6d8373 a942cbac fc328e32 c481ac14 6ea02c98 dfc8bb4b 036e3490 d44d34ea
>7ae463ee 7da2990e d71befaf 12d513e8 1adead04 124313fb d6b67934 eba66183
>7decaa74 1d9cf00b c8bd6062 30da7328 d1f0dd63 afb89a74 7e1fa81b 1fd0232a
>114926c8 82744516 bd228bf0 15c579be 8e9b416a 69fae755 373629bd 7101dcdf
>00000018 8cebacef 4255a2b7 03ef7636 5fedb40d 7063d89f
>2001-12-06 20:44:02: DEBUG: isakmp.c:2290:isakmp_printpacket(): begin.
>44:02.139797 195.74.141.60:500 -> 213.208.123.252:500: isakmp 1.0 msgid 00000000:
>phase 1 ? ident:
> (ke: key len=128)
> (nonce: n len=20)
>2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received or the spi expired.

whereas the Ravlin says:

>Dec 6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT) Received ISAKMP initialization request. Peer: (213.208.123.252)
>Dec 6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT) Invalid payload. Possible overrun attack! ()

and a little later racoon says:

>>2001-12-06 20:57:30: DEBUG: isakmp.c:1133:isakmp_parsewoh(): begin.
>>2001-12-06 20:57:30: DEBUG: isakmp.c:1160:isakmp_parsewoh(): seen nptype=11(notify)
>>2001-12-06 20:57:30: DEBUG: isakmp.c:1166:isakmp_parsewoh(): invalid length of payload
>>2001-12-06 20:57:50: DEBUG: isakmp.c:1482:isakmp_ph1resend(): resend phase1 packet 0dc9fec8ecc746c3:fbeee539edff5c7e

and the Ravlin says:

>Dec 6 20:59:37 ravlin10 [051b4216] 101-12-06/20:58:12(GMT) Received ISAKMP initialization request. Peer: (213.208.123.252)
>Dec 6 20:59:38 ravlin10 [03044222] 101-12-06/20:58:13(GMT) Invalid payload. Possible overrun attack! ()

If there are any racoon experts out there who can shed light on this I'd be most grateful. I had to change the default racoon.conf from aggressive to main mode to get this far.

Jim Hatfield
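
Added example, not part of the original post and not racoon's code: a small parser that walks the ISAKMP header and generic payload chain (RFC 2408 layout) of the reply quoted above and applies the kind of bounds check that a message like "invalid length of payload" implies. The function and table names are this example's own, and the corrupted copy at the end is constructed.

```python
import struct

# ISAKMP reply copied from the plogdump() output quoted in the post (184 bytes).
DUMP = """
570f2123 9cb90864 e32f2052 6e2fe2bd 04100200 00000000 000000b8 0a000084
1d6d8373 a942cbac fc328e32 c481ac14 6ea02c98 dfc8bb4b 036e3490 d44d34ea
7ae463ee 7da2990e d71befaf 12d513e8 1adead04 124313fb d6b67934 eba66183
7decaa74 1d9cf00b c8bd6062 30da7328 d1f0dd63 afb89a74 7e1fa81b 1fd0232a
114926c8 82744516 bd228bf0 15c579be 8e9b416a 69fae755 373629bd 7101dcdf
00000018 8cebacef 4255a2b7 03ef7636 5fedb40d 7063d89f
"""
PACKET = bytes.fromhex("".join(DUMP.split()))

PAYLOADS = {1: "sa", 4: "ke", 5: "id", 8: "hash", 10: "nonce", 11: "notify", 13: "vid"}
EXCHANGES = {2: "main", 4: "aggressive", 5: "informational"}  # RFC 2408 numbers

def parse_isakmp(pkt):
    """Decode the fixed header, then walk the payload chain with bounds checks."""
    if len(pkt) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, total = struct.unpack(
        "!8s8sBBBBII", pkt[:28])
    if total != len(pkt):
        raise ValueError(f"header says {total} bytes, datagram has {len(pkt)}")
    info = {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
            "version": f"{ver >> 4}.{ver & 15}", "msgid": msgid,
            "exchange": EXCHANGES.get(xchg, str(xchg)), "payloads": []}
    if flags & 0x01:          # encryption bit set: body is ciphertext, stop here
        return info
    off = 28
    while np != 0:
        if off + 4 > total:
            raise ValueError(f"payload header at offset {off} is truncated")
        nxt, _reserved, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > total:
            raise ValueError(f"invalid length {plen} for payload {np} at offset {off}")
        info["payloads"].append((PAYLOADS.get(np, str(np)), plen - 4))
        np, off = nxt, off + plen
    if off != total:
        raise ValueError(f"{total - off} unparsed bytes after the last payload")
    return info

if __name__ == "__main__":
    print(parse_isakmp(PACKET))
    bad = PACKET[:163] + b"\x40" + PACKET[164:]  # constructed: inflated nonce length
    try:
        parse_isakmp(bad)
    except ValueError as err:
        print("rejected:", err)
```

On the quoted reply this yields a main-mode packet carrying a 128-byte KE payload and a 20-byte nonce, the same structure racoon's own decode prints, so the length fields in that particular packet are self-consistent.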