Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Jun 2002 18:53:05 +0200
From:      Andreas Pinkert <the_supernova@gmx.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   IPSec: FreeBSD / Win2k
Message-ID:  <1816023992.20020605185305@gmx.net>
next in thread | raw e-mail | index | archive | help 
Hello everyone,

  I have a FreeBSD system in a VMWare under Windows 2000.  No I try to connect
  these systems with IPSec. I do this obviously not for security reasons, but to
  check, if and how I can get the two systems interoperate.

  I have a working connection. Cool heh? ;-)

  But there is a serious problem:
  When I start negotiations on the FreeBSD system, an SA will be established, but
  after about 15 seconds racoon crashes with a segmentation fault.
  So packets will be encrypted an decryptet correctly, only the racoon daemon is
  down. (and will not handle timeouts, etc)

  This does not happen when I start the negotiations on the Windows system.

  I updated to racoon-20020507a but the crashing continues.

  Any hints?

regards,

Andreas Pinkert.
  

  My racoon.conf:

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

log debug2;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

timer
{
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.
        phase1 30 sec;
        phase2 15 sec;
}
remote 141.24.45.170 # win2k
{
        situation identity_only;
        identifier address;

        exchange_mode main, aggressive;
        lifetime time 5 min;
        passive off;
        nonce_size 16;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
sainfo anonymous
{
        pfs_group 2;
        lifetime time 8 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5; 
        compression_algorithm deflate;
}


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1816023992.20020605185305>