IPsec and racoon in tunnel-mode



Hello,

Possibly someone can help me. I'm trying to secure a connection between two
hosts. I've configured setkey:

-----------------------------------------------------------------------
# /usr/sbin/setkey -f

# Flush the SAD and SPD
flush;
spdflush;

spdadd 192.168.1.10[any] 192.168.1.12[any] any -P out ipsec
        esp/transport/192.168.1.10-192.168.1.12/require
        ah/transport/192.168.1.10-192.168.1.12/require;

spdadd 192.168.1.12[any] 192.168.1.10[any] any -P in ipsec
        esp/transport/192.168.1.12-192.168.1.10/require
        ah/transport/192.168.1.12-192.168.1.10/require;
-----------------------------------------------------------------------
and racoon.conf
-----------------------------------------------------------------------
   remote 192.168.1.12
   {
   exchange_mode main;
   proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key;
            dh_group modp1024;
            }
   }
   sainfo address 192.168.1.0/24 any address 192.168.1.0/24 any {
            pfs_group modp768;
            encryption_algorithm 3des;
            authentication_algorithm hmac_md5;
            compression_algorithm deflate;
   }
-----------------------------------------------------------------------

After starting racoon and trying to ping the other host, I get these messages
and no connection:
2004-03-12 22:58:19: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey ACQUIRE message
2004-03-12 22:58:19: DEBUG: pfkey.c:1548:pk_recvacquire(): suitable outbound SP found: 192.168.1.12/32[0] 192.168.1.10/32[0] proto=any dir=out.
2004-03-12 22:58:19: DEBUG: policy.c:183:cmpspidxstrict(): sub:0xbffff480: 192.168.1.10/32[0] 192.168.1.12/32[0] proto=any dir=in
2004-03-12 22:58:19: DEBUG: policy.c:184:cmpspidxstrict(): db :0x809f490: 192.168.1.10/32[0] 192.168.1.12/32[0] proto=any dir=in
2004-03-12 22:58:19: DEBUG: pfkey.c:1564:pk_recvacquire(): suitable inbound SP found: 192.168.1.10/32[0] 192.168.1.12/32[0] proto=any dir=in.
2004-03-12 22:58:19: DEBUG: pfkey.c:1603:pk_recvacquire(): new acquire 192.168.1.12/32[0] 192.168.1.10/32[0] proto=any dir=out
2004-03-12 22:58:19: ERROR: pfkey.c:1633:pk_recvacquire(): failed to get sainfo.

Can someone help me please?
What have I done wrong?

thx
Frank
