racoon with freebsd-4.11 crashes

priya yelgar yelgar_priya at yahoo.co.in
Wed Dec 7 21:03:20 PST 2005


Hi

Running racoon on a Freebsd-4.11 machine gives a
kernel panic.
I am using the racoon from ports directory which comes
with the freebsd installation.

Steps followed are as shown below:

        racoon -f /usr/local/etc/racoon/raccon.conf
        setkey -f ipsec.conf

        ping -c 1 <ip_of_the_other_gw>

The ping will lead into a crash.
The crash dump looks like for th ping packet it is
going to apply a SA.
It is going in "key_checkrequest" in key.c file and
crashing there.

As I know  "key_checkrequest" is used to apply a
exsiting SA to a outgoing packet.

But in case of racoon the first ping packet is used
for negotiation with other gateway to establish the
SA.

I am not understading as to why it is going in
key_checkrequest ans crashing.

Please anyone who have used racoon with hfreebsd-4.11
can guide me if i am doing something wrong. The config
file is given below.

I have compiled the kernel with IPSEC ,IPSEC_ESP
options.

I am using a preshared key file.

my configuration file is given below:

#!/usr/local/bin/racoon

# CONFIGURATION FILE FOR 192.168.190.44

path include "/root";

path pre_shared_key "/root/psk.txt";
log debug2;

padding {
	maximum_length 20;
	randomize off;
	strict_check off;
	exclusive_tail off;
}

listen {
	isakmp 192.168.190.43 [500];
}

timer {
	counter 5;
	interval 20 sec;
	persend 1;
	phase1 30 sec;
	phase2 15 sec;
}

remote 192.168.190.43 {
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;

	my_identifier address 192.168.190.44;
	peers_identifier address 192.168.190.43;
	lifetime time 24 hour;
	nonce_size 16;
	initial_contact on;
	proposal_check obey;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 1;
	}
}

sainfo address 192.168.190.44 any address
192.168.190.43 any
{
	pfs_group 1;
	lifetime time 2 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}


Thanks in advance
Priya



	

	
		
__________________________________________________________ 
Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com


More information about the freebsd-net mailing list