[5.3-BETA3] no IPSEC connection to 5.2.1 box

Georg-W. Koltermann gwk at rahn-koltermann.de
Sat Sep 11 16:35:24 PDT 2004


Hi,

I don't get my IPSEC connection to run. This system is 5.3-BETA3, the
other system is 5.2.1.  Both use FAST_IPSEC.  Keys are negotiated by
racoon.

This system logs:

        Sep 12 01:28:43 hunter racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
        Sep 12 01:28:43 hunter racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
        Sep 12 01:28:43 hunter racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
        Sep 12 01:28:43 hunter racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 10.0.0.3[500]-10.0.0.2[500] spi:089d678f545f30a1:b029dca9f1b19b03
        Sep 12 01:28:44 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:29:17 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:30:07 hunter last message repeated 2 times
        Sep 12 01:30:23 hunter named[369]: Err/TO getting serial# for "0.168.192.IN-ADDR.ARPA"
        Sep 12 01:30:29 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:30:29 hunter racoon: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)
        Sep 12 01:30:29 hunter racoon: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
        Sep 12 01:30:29 hunter racoon: ERROR: isakmp.c:750:quick_main(): failed to process packet.
        Sep 12 01:30:29 hunter racoon: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
        Sep 12 01:30:57 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:31:21 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]

The other system logs:

        Sep 12 01:29:37 bat racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 10.0.0.2[0]<=>10.0.0.3[0]
        Sep 12 01:29:37 bat racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.3->10.0.0.2 spi=265528800(0xfd3a5e0)
        Sep 12 01:29:37 bat racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.2->10.0.0.3 spi=41763698(0x27d4372)
        Sep 12 01:30:10 bat racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 10.0.0.2[0]<=>10.0.0.3[0]
        Sep 12 01:30:10 bat racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.3->10.0.0.2 spi=26763127(0x1985f77)
        Sep 12 01:30:10 bat racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.2->10.0.0.3 spi=205325487(0xc3d04af)

I should also mention that my ports (i.e. racoon) are still the binaries
from 5.2.1 (mounted from the old partition due to space constraints).

Do I need to recompile racoon for 5.3?

--
Regards,
Georg.



