Date: Tue, 05 Mar 2002 13:36:45 +0900
From: Shoichi Sakane <sakane@kame.net>
To: frank@mini.chicago.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Racoon/sainfo - 'no policy found'
Message-ID: <20020305133645Z.sakane@kame.net>
In-Reply-To: Your message of "Fri, 8 Feb 2002 23:57:26 -0800 (PST)" <20020212021302.B70C89F016@okeeffe.bestweb.net>
References: <20020212021302.B70C89F016@okeeffe.bestweb.net>

> Since sending my first message I've found that FBSD/racoon<->FBSD/racoon
> only works till the first time the keys are renegotiated. At that point
> I get the message about the security association expiring but from then
> on I always get the 'policy not found' error. The following is part of
> the log from one side of the FBSD<->FBSD case.

> 2002-02-08 23:47:31: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Aggressive mode.
> 2002-02-08 23:47:33: NOTIFY: oakley.c:2036:oakley_skeyid(): couldn't find pskey, try to get one by the peer's address.

It seems you didn't define the pre-shared key file properly.
You should add a single line to the psk file like
"sakane@kame.net presharedkey". In this case, "sakane@kame.net" is the
identifier of both nodes, as you used exactly the same configuration.
But it's not much of a problem.

> 2002-02-08 23:47:33: ERROR: proposal.c:965:set_proposal_from_policy(): not supported nested SA.
> 2002-02-08 23:47:33: ERROR: isakmp_quick.c:2070:get_proposal_r(): failed to create saprop.

The message means the SPD entry to be used for this negotiation has
different IPsec tunnel end points, such as

    spdadd X Y any -P out ipsec esp/tunnel/A-B/use esp/tunnel/A-C/use;

Do you have it? If so, racoon doesn't support this configuration.
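
The SPD shape described in the reply above can be checked for before racoon rejects it. The following is an added example, not part of the original message and not racoon or setkey code: it scans setkey-style `spdadd` statements and reports any policy whose tunnel-mode requests name more than one endpoint pair. The function names and the sample policies (documentation address ranges) are constructed, and it assumes the `protocol/mode/src-dst/level` request form used in the message.

```python
import re

# One request inside a policy: protocol/mode/src-dst/level (src-dst may be empty).
REQ = re.compile(r"\b(esp|ah|ipcomp)/(transport|tunnel)/([^/\s]*)/(\w+)")

def parse_spdadd(text):
    """Yield (selector, direction, requests) for each 'spdadd ... ;' statement."""
    text = re.sub(r"#.*", "", text)  # drop comments before splitting on ';'
    for stmt in text.split(";"):
        tokens = stmt.split()
        if not tokens or tokens[0] != "spdadd" or "-P" not in tokens:
            continue
        p = tokens.index("-P")
        selector = " ".join(tokens[1:p])
        direction = tokens[p + 1] if len(tokens) > p + 1 else ""
        requests = REQ.findall(" ".join(tokens[p + 2:]))
        yield selector, direction, requests

def mixed_tunnel_endpoints(text):
    """Return policies whose tunnel requests use differing endpoint pairs,
    the case the reply says racoon reports as 'not supported nested SA'."""
    findings = []
    for selector, direction, requests in parse_spdadd(text):
        endpoints = []
        for _proto, mode, addrs, _level in requests:
            if mode == "tunnel" and addrs not in endpoints:
                endpoints.append(addrs)
        if len(endpoints) > 1:
            findings.append((selector, direction, endpoints))
    return findings

# Constructed sample policy file (not taken from the thread).
SAMPLE = """
# single tunnel: fine
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require;
# two tunnels with different far ends: the unsupported shape
spdadd 10.0.1.0/24 10.0.3.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-192.0.2.2/use esp/tunnel/192.0.2.1-198.51.100.7/use;
# transport-mode bundle: no tunnel endpoints to compare
spdadd 10.0.1.0/24 10.0.4.0/24 any -P in ipsec esp/transport//require ah/transport//require;
"""

if __name__ == "__main__":
    for selector, direction, endpoints in mixed_tunnel_endpoints(SAMPLE):
        print(f"{selector} ({direction}): tunnel endpoints differ: {', '.join(endpoints)}")
```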