racoon with freebsd-4.11 crashes
priya yelgar
yelgar_priya at yahoo.co.in
Wed Dec 7 23:49:57 PST 2005
Hi,
Running racoon on a FreeBSD-4.11 machine gives a
kernel panic.
I am using the racoon from the ports directory
'/usr/ports/security/racoon/', which comes with the
FreeBSD installation. It installed racoon in
'/usr/local/sbin/racoon'.
Steps followed are as shown below:
racoon -f /usr/local/etc/racoon/raccon.conf
setkey -f ipsec.conf
ping -c 1 <ip_of_the_other_gw>
A ping of one packet leads to a kernel panic.
To apply the outbound SA to the ping packet it is
going into "key_checkrequest" in the key.c file and crashing
there.
As far as I know, "key_checkrequest" is used to apply an
existing SA to an outgoing packet.
But in the case of racoon the first ping packet is used
for negotiation with the other gateway to establish the
SA.
I do not understand why it is going into
key_checkrequest and crashing.
Could anyone who has used racoon with FreeBSD-4.11
please guide me if I am doing something wrong? The config
file is given below.
I have compiled the kernel with the IPSEC and IPSEC_ESP
options.
I am using a preshared key file.
My configuration file is given below:
#!/usr/local/bin/racoon
# CONFIGURATION FILE FOR 192.168.190.44
path include "/root";
path pre_shared_key "/root/psk.txt";
log debug2;
padding {
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
}
listen {
        isakmp 192.168.190.43 [500];
}
timer {
        counter 5;
        interval 20 sec;
        persend 1;
        phase1 30 sec;
        phase2 15 sec;
}
remote 192.168.190.43 {
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;
        my_identifier address 192.168.190.44;
        peers_identifier address 192.168.190.43;
        lifetime time 24 hour;
        nonce_size 16;
        initial_contact on;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 1;
        }
}
sainfo address 192.168.190.44 any address 192.168.190.43 any
{
        pfs_group 1;
        lifetime time 2 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
Thanks in advance
Priya
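
An added example, not part of the original post: a small Python check that cross-references the address fields of a racoon.conf like the one above (listen, remote, my_identifier, peers_identifier, sainfo) and reports combinations worth reviewing. The function names, the heuristics and the single-remote assumption belong to this example only; per racoon.conf(5), `listen { isakmp ... }` names the local address racoon listens on.

```python
import re

# Constructed sample: the address-bearing statements from the posted configuration.
SAMPLE_CONF = """
# CONFIGURATION FILE FOR 192.168.190.44
listen { isakmp 192.168.190.43 [500]; }
remote 192.168.190.43 {
    my_identifier address 192.168.190.44;
    peers_identifier address 192.168.190.43;
}
sainfo address 192.168.190.44 any address
192.168.190.43 any
{ pfs_group 1; }
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_addresses(conf):
    """Collect the IPv4 addresses per statement type (assumes one remote block)."""
    text = re.sub(r"#.*", "", conf)  # strip comments before matching
    return {
        "listen": re.findall(r"\bisakmp\s+" + IP, text),
        "remote": re.findall(r"\bremote\s+" + IP, text),
        "my_id": re.findall(r"\bmy_identifier\s+address\s+" + IP, text),
        "peer_id": re.findall(r"\bpeers_identifier\s+address\s+" + IP, text),
        # \s+ also matches a newline, so a wrapped sainfo header still parses
        "sainfo": re.findall(
            r"\bsainfo\s+address\s+" + IP + r"\s+\S+\s+address\s+" + IP, text),
    }

def check(conf):
    """Return review findings; an empty list means the addresses agree."""
    a, findings = parse_addresses(conf), []
    for addr in a["listen"]:
        if addr in a["remote"]:
            findings.append(f"listen address {addr} is also a remote peer")
        if a["my_id"] and addr not in a["my_id"]:
            findings.append(f"listen address {addr} differs from my_identifier")
    for peer in a["peer_id"]:
        if peer not in a["remote"]:
            findings.append(f"peers_identifier {peer} has no remote block")
    for local, peer in a["sainfo"]:
        if a["my_id"] and local not in a["my_id"]:
            findings.append(f"sainfo local {local} differs from my_identifier")
        if peer not in a["remote"]:
            findings.append(f"sainfo remote {peer} has no remote block")
    return findings

if __name__ == "__main__":
    for line in check(SAMPLE_CONF) or ["addresses are consistent"]:
        print(line)
```
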