Date:      Fri, 07 Dec 2001 09:57:06 +0000
From:      freebsd-security-local@insignia.com
To:        freebsd-security@freebsd.org
Subject:   Racoon <> VPN Gateway
Message-ID:  <c7411ug95bmgi7f2vqok8aja61k3h0j08f@4ax.com>

I've now got further trying to get racoon talking to a Redcreek
Ravlin10 VPN gateway, once I realised the gif device is needed
for tunnel mode. It actually replies to me, though the reply
isn't what racoon seems to expect.

I'm trying to establish an ESP tunnel mode connection between
213.208.123.252 (racoon) and 195.74.141.60 (Ravlin).

Racoon says:

>2001-12-06 20:44:02: DEBUG: plog.c:193:plogdump():
>570f2123 9cb90864 e32f2052 6e2fe2bd 04100200 00000000 000000b8 0a000084
>1d6d8373 a942cbac fc328e32 c481ac14 6ea02c98 dfc8bb4b 036e3490 d44d34ea
>7ae463ee 7da2990e d71befaf 12d513e8 1adead04 124313fb d6b67934 eba66183
>7decaa74 1d9cf00b c8bd6062 30da7328 d1f0dd63 afb89a74 7e1fa81b 1fd0232a
>114926c8 82744516 bd228bf0 15c579be 8e9b416a 69fae755 373629bd 7101dcdf
>00000018 8cebacef 4255a2b7 03ef7636 5fedb40d 7063d89f
>2001-12-06 20:44:02: DEBUG: isakmp.c:2290:isakmp_printpacket(): begin.
>44:02.139797 195.74.141.60:500 -> 213.208.123.252:500: isakmp 1.0 msgid 00000000:
>phase 1 ? ident:
>    (ke: key len=128)
>    (nonce: n len=20)
>2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received or the spi expired.

whereas the Ravlin says:

>Dec  6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT)  Received ISAKMP initialization request. Peer:  (213.208.123.252)
>Dec  6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT)  Invalid payload. Possible overrun attack!  ()

and a little later racoon says:

>>2001-12-06 20:57:30: DEBUG: isakmp.c:1133:isakmp_parsewoh(): begin.
>>2001-12-06 20:57:30: DEBUG: isakmp.c:1160:isakmp_parsewoh(): seen nptype=11(notify)
>>2001-12-06 20:57:30: DEBUG: isakmp.c:1166:isakmp_parsewoh(): invalid length of payload
>>2001-12-06 20:57:50: DEBUG: isakmp.c:1482:isakmp_ph1resend(): resend phase1 packet 0dc9fec8ecc746c3:fbeee539edff5c7e

and the Ravlin says:

>Dec  6 20:59:37 ravlin10 [051b4216] 101-12-06/20:58:12(GMT)  Received ISAKMP initialization request. Peer:  (213.208.123.252)
>Dec  6 20:59:38 ravlin10 [03044222] 101-12-06/20:58:13(GMT)  Invalid payload. Possible overrun attack!  ()

If there are any racoon experts out there who can shed light on this
I'd be most grateful. I had to change the default racoon.conf from
aggressive to main mode to get this far.

Jim Hatfield
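
Added example, not part of the original post: a minimal ISAKMP (RFC 2408) decoder run over the plogdump() bytes quoted above, checking each payload length against the total length in the header. The names `DUMP`, `RAW`, `PAYLOAD` and `parse_isakmp` are this example's own, not racoon's.

```python
import struct

# Bytes copied from the racoon plogdump() output quoted in the message above.
DUMP = """
570f2123 9cb90864 e32f2052 6e2fe2bd 04100200 00000000 000000b8 0a000084
1d6d8373 a942cbac fc328e32 c481ac14 6ea02c98 dfc8bb4b 036e3490 d44d34ea
7ae463ee 7da2990e d71befaf 12d513e8 1adead04 124313fb d6b67934 eba66183
7decaa74 1d9cf00b c8bd6062 30da7328 d1f0dd63 afb89a74 7e1fa81b 1fd0232a
114926c8 82744516 bd228bf0 15c579be 8e9b416a 69fae755 373629bd 7101dcdf
00000018 8cebacef 4255a2b7 03ef7636 5fedb40d 7063d89f
"""
RAW = bytes.fromhex("".join(DUMP.split()))

# RFC 2408 payload type numbers (subset).
PAYLOAD = {1: "sa", 4: "ke", 5: "id", 8: "hash", 10: "nonce", 11: "notify", 13: "vid"}

def parse_isakmp(data: bytes) -> dict:
    """Decode the 28-byte ISAKMP header and walk the generic payload chain."""
    if len(data) < 28:
        raise ValueError("datagram shorter than ISAKMP header")
    icookie, rcookie, nxt, ver, exch, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    if length != len(data):
        raise ValueError(f"header says {length} bytes, datagram has {len(data)}")
    out = {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
           "version": f"{ver >> 4}.{ver & 15}", "exchange": exch,
           "msgid": msgid, "length": length, "payloads": None}
    if flags & 0x01:            # encryption bit: body cannot be walked without keys
        return out
    payloads, off = [], 28
    while nxt != 0:
        if off + 4 > length:
            raise ValueError(f"payload header at offset {off} overruns packet")
        following, _reserved, plen = struct.unpack("!BBH", data[off:off + 4])
        # The length field includes the 4-byte generic header itself.
        if plen < 4 or off + plen > length:
            raise ValueError(f"invalid length {plen} for payload {nxt} at {off}")
        payloads.append((PAYLOAD.get(nxt, str(nxt)), plen - 4))
        nxt, off = following, off + plen
    if off != length:
        raise ValueError(f"{length - off} trailing bytes after last payload")
    out["payloads"] = payloads
    return out

if __name__ == "__main__":
    print(parse_isakmp(RAW))
```

For the quoted packet this returns version 1.0, exchange type 2 (Identity Protection, i.e. main mode) and payloads ke (128 bytes) and nonce (20 bytes), matching racoon's own isakmp_printpacket() output.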

