IPSEC with racoon on FreeBSD 5.2-CURRENT

Sessler, Enrico Enrico.Sessler at sca.com
Wed Jan 14 08:00:30 PST 2004 

Hello,

have set up IPSEC VPN tunnels between FreeBSD 5.1-RELEASE boxes
using racoon - no problem.

A few days ago I installed 2 new servers with FreeBSD 5.2-CURRENT
(compiled with IPSEC and IPFW options) and racoon with the same
configuration. Now racoon stop after phase1. Below what it tells
me in verbose mode (ip addresses forged).

Any idea what can be the problem?
Did anybody get IPSEC with racoon running on FreeBSD 5.2-CURRENT?


###############################################################
Foreground mode.
2004-01-12 16:12:10: INFO: main.c:172:main(): @(#)package version
freebsd-20030826a
2004-01-12 16:12:10: INFO: main.c:174:main(): @(#)internal version 20001216
sakane at kame.net
2004-01-12 16:12:10: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)
2004-01-12 16:12:10: WARNING: cftoken.l:514:yywarn():
/usr/local/etc/racoon/racoon.conf:54: "support_mip6" it is obsoleted.  use
"support_proxy".
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): fe80::1%lo0[500]
used as isakmp port (fd=5)
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): ::1[500] used as
isakmp port (fd=6)
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] used
as isakmp port (fd=7)
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open():
fe80::202:b3ff:fed9:b8fa%fxp0[500] used as isakmp port (fd=8)
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 11.11.11.11[500]
used as isakmp port (fd=9)
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open():
fe80::20b:cdff:fe6d:2ae1%bge0[500] used as isakmp port (fd=10)
2004-01-12 16:12:10: INFO: isakmp.c:1358:isakmp_open(): 10.113.2.2[500] used
as isakmp port (fd=11)


2004-01-12 16:12:14: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond new
phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500]
2004-01-12 16:12:14: INFO: isakmp.c:899:isakmp_ph1begin_r(): begin
Aggressive mode.
2004-01-12 16:12:14: NOTIFY: oakley.c:2040:oakley_skeyid(): couldn't find
the proper pskey, try to get one by the peer's address.
2004-01-12 16:12:14: INFO: isakmp.c:1703:isakmp_post_acquire(): request for
establishing IPsec-SA was queued due to no phase1 found.
#################################################################

Mit freundlichen Grüssen / Best regards

 Enrico Sessler 

 SGN - SCA Global Network

 Tel.:   +49 (0) 8035 80-611
 Mobile: +49 (0) 172 86 59 723
 Fax:    +49 (0) 8035 80-610
 mailto:Enrico.Sessler at sca.com

More information about the freebsd-current mailing list