Date: Sun, 12 Sep 2004 01:35:09 +0200 From: "Georg-W. Koltermann" <gwk@rahn-koltermann.de> To: freebsd-current@freebsd.org Subject: [5.3-BETA3] no IPSEC connection to 5.2.1 box Message-ID: <1094945709.15216.4.camel@localhost.muc.eu.mscsoftware.com>
next in thread | raw e-mail | index | archive | help
Hi,
I don't get my IPSEC connection to run. This system is 5.3-BETA3, the
other system is 5.2.1. Both use FAST_IPSEC. Keys are negotiated by
racoon.
This system logs:
Sep 12 01:28:43 hunter racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
Sep 12 01:28:43 hunter racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
Sep 12 01:28:43 hunter racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
Sep 12 01:28:43 hunter racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 10.0.0.3[500]-10.0.0.2[500] spi:089d678f545f30a1:b029dca9f1b19b03
Sep 12 01:28:44 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
Sep 12 01:29:17 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
Sep 12 01:30:07 hunter last message repeated 2 times
Sep 12 01:30:23 hunter named[369]: Err/TO getting serial# for "0.168.192.IN-ADDR.ARPA"
Sep 12 01:30:29 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
Sep 12 01:30:29 hunter racoon: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)
Sep 12 01:30:29 hunter racoon: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
Sep 12 01:30:29 hunter racoon: ERROR: isakmp.c:750:quick_main(): failed to process packet.
Sep 12 01:30:29 hunter racoon: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
Sep 12 01:30:57 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
Sep 12 01:31:21 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
The other system logs:
Sep 12 01:29:37 bat racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 10.0.0.2[0]<=>10.0.0.3[0]
Sep 12 01:29:37 bat racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.3->10.0.0.2 spi=265528800(0xfd3a5e0)
Sep 12 01:29:37 bat racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.2->10.0.0.3 spi=41763698(0x27d4372)
Sep 12 01:30:10 bat racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 10.0.0.2[0]<=>10.0.0.3[0]
Sep 12 01:30:10 bat racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.3->10.0.0.2 spi=26763127(0x1985f77)
Sep 12 01:30:10 bat racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.2->10.0.0.3 spi=205325487(0xc3d04af)
I should also mention that my ports (i.e. racoon) are still the binaries
from 5.2.1 (mounted from the old partition due to space constraints).
Do I need to recompile racoon for 5.3?
--
Regards,
Georg.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1094945709.15216.4.camel>