From owner-freebsd-questions@FreeBSD.ORG  Tue May 17 12:56:15 2005
To: freebsd-questions@freebsd.org
From: Daren Russell <darenr@end-design.co.uk>
Date: Tue, 17 May 2005 13:52:57 +0100
Lines: 57
Message-ID: <d6cpds$luu$1@sea.gmane.org>
References: <d6a1fg$pf1$1@sea.gmane.org>
	<23gi81pattnnan1rlv8uc0dva1ken5r8cj@4ax.com> <d6ca7k$58s$1@sea.gmane.org>
	<t7mj815s2oh8gtpil1ul8h55k4slj97lsc@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: dsl-62-3-100-125.zen.co.uk
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050404)
X-Accept-Language: en-us, en
In-Reply-To: <t7mj815s2oh8gtpil1ul8h55k4slj97lsc@4ax.com>
Sender: news <news@sea.gmane.org>
Subject: Re: IPSec and Racoon between 5.4 and 4.11

Mike Tancsa wrote:
> On Tue, 17 May 2005 09:33:40 +0100, in sentex.lists.freebsd.questions
> you wrote:
> 
>>A basic tunnel (without any encryption) works fine.  As soon as
>>ipsec_enable is set in rc.conf, it fails.
>>
>>setkey -D shows No SAD entries.
> 
> 
>>If I start a ping from 192.168.1.254 -> 192.168.0.254, the receiving
>>machine gets an 'Invalid length of payload' error, whilst the sending
>>machine is getting a 'phase 2 negotiation failed due to time up waiting
>>for phase1.  ESP 62.x.x.125->82.x.x.141'  (The IPs shown are what they
>>should be.)  I can probably transfer entire parts of the log files if
>>required, but at the moment, both machines are isolated.
>>
>>A further point I've discovered having left them running for a while, is
>>the racoon on the AMD64 keeps crashing and dumping core (although I
>>don't know what to do with that!).  Maybe there is an issue with racoon
>>on 64bit?  Maybe I should try re-installing with a standard i386 arch.
>>(Last ditch!)
> 
> 
> Yes, I would try and see if moving to i386 fixes the problem.
> Assuming you do have all the configs correct, there is no reason why
> it should not work.
> 
>>Both racoons are 'racoon-2005-0510a' BTW.
> 
> 
> I have only just started using this version last weekend so I am not
> sure how good it is, but I suspect it's the AMD64 that's at issue if all
> your configs are indeed correct.

With heavy heart...

I triple, quadruple checked and then to be even more sure, I copied all
the files from the live servers into the test servers again, with the
same effect.

Time to start from scratch I guess.

Thanks again
Daren

> 
> 	---Mike
> --------------------------------------------------------
> Mike Tancsa, Sentex communications http://www.sentex.net
> Providing Internet Access since 1994
> mike@sentex.net, (http://www.tancsa.com)