From: Daren Russell
To: freebsd-questions@freebsd.org
Date: Tue, 17 May 2005 13:52:57 +0100
Subject: Re: IPSec and Racoon between 5.4 and 4.11

Mike Tancsa wrote:
> On Tue, 17 May 2005 09:33:40 +0100, in sentex.lists.freebsd.questions
> you wrote:
>
>>A basic tunnel (without any encryption) works fine. As soon as
>>ipsec_enable is set in rc.conf, it fails.
>>
>>setkey -D shows No SAD entries.
>
>
>>If I start a ping from 192.168.1.254 -> 192.168.0.254, the receiving
>>machine gets an 'Invalid length of payload' error, whilst the sending
>>machine is getting a 'phase 2 negotiation failed due to time up waiting
>>for phase1. ESP 62.x.x.125->82.x.x.141' (The IPs shown are what they
>>should be.) I can probably transfer entire parts of the log files if
>>required, but at the moment, both machines are isolated.
>>
>>A further point I've discovered having left them running for a while, is
>>the racoon on the AMD64 keeps crashing and dumping core (although I
>>don't know what to do with that!). Maybe there is an issue with racoon
>>on 64bit? Maybe I should try re-installing with a standard i386 arch.
>>(Last ditch!)
>
>
> Yes, I would try and see if moving to i386 fixes the problem.
> Assuming you do have all the configs correct, there is no reason why
> it should not work.
>
>>Both racoons are 'racoon-2005-0510a' BTW.
>
>
> I have only just started using this version last weekend so I am not
> sure how good it is, but I suspect it's the AMD64 that's at issue if all
> your configs are indeed correct.

With heavy heart... I triple, quadruple checked and then to be even more
sure, I copied all the files from the live servers into the test servers
again, with the same effect.

Time to start from scratch I guess.

Thanks again
Daren

>
> ---Mike
> --------------------------------------------------------
> Mike Tancsa, Sentex communications http://www.sentex.net
> Providing Internet Access since 1994
> mike@sentex.net, (http://www.tancsa.com)