ipsec and freebsd 5.3-beta

Sat Sep 25 06:44:43 PDT 2004

I write MSIZE=512 in my config kernel ?
----- Original Message ----- 
From: "Arne Schwabe" <arne at rfc2549.org>
To: "cell" <bettan at nerim.net>
Cc: <freebsd-current at freebsd.org>
Sent: Saturday, September 25, 2004 3:20 PM
Subject: Re: ipsec and freebsd 5.3-beta


> "cell" <bettan at nerim.net> writes:
>
> > hello , i tried to configure ipsec in my freebsd with racoon for a wifi
connection with a laptop on windows xp home but i have problem.I have used
this tutorial http://ezine.daemonnews.org/200401/wifi-ipsec.html and when i
run racoon with "racoon -F -v" j'ai :
> >
> > # racoon -F -v
> > Foreground mode.
> > 2004-09-25 12:19:27: INFO: main.c:172:main(): @(#)package version
freebsd-20040818a
> > 2004-09-25 12:19:27: INFO: main.c:174:main(): @(#)internal version
20001216 sakane at kame.net
> > 2004-09-25 12:19:27: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> > 2004-09-25 12:19:27: WARNING: cftoken.l:514:yywarn():
/usr/local/etc/racoon/racoon.conf:66: "support_mip6" it is obsoleted.  use
"support_proxy".
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::2bd:fbff:fe03:1%tap1[500] used as isakmp port (fd=5)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::2bd:f7ff:fe03:0%tap0[500] used as isakmp port (fd=6)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
62.212.121.38[500] used as isakmp port (fd=7)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::20a:5eff:fe3e:ebf7%tun0[500] used as isakmp port (fd=8)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): fe80::1%lo0[500]
used as isakmp port (fd=9)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): ::1[500] used as
isakmp port (fd=10)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500]
used as isakmp port (fd=11)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::205:5dff:fea2:98ef%vr1[500] used as isakmp port (fd=12)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500]
used as isakmp port (fd=13)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::205:5dff:fe64:5a87%vr0[500] used as isakmp port (fd=14)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 192.168.3.1[500]
used as isakmp port (fd=15)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
2001:7a8:3d26::1[500] used as isakmp port (fd=16)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::20a:5eff:fe3e:ebf7%xl0[500] used as isakmp port (fd=17)
> > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 192.168.1.1[500]
used as isakmp port (fd=18)
> > 2004-09-25 12:20:07: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new
phase 1 negotiation: 192.168.3.1[500]<=>192.168.3.3[500]
> > 2004-09-25 12:20:07: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
Identity Protection mode.
> > 2004-09-25 12:20:07: INFO: vendorid.c:128:check_vendorid(): received
Vendor ID: MS NT5 ISAKMPOAKLEY
> > 2004-09-25 12:20:07: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1(): ID
type mismatched.
> > 2004-09-25 12:20:07: WARNING: ipsec_doi.c:3112:ipsecdoi_checkid1(): ID
value mismatched.
> > 2004-09-25 12:20:07: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA
established 192.168.3.1[500]-192.168.3.3[500]
spi:0ae2df7beb89619e:2202b5a1db9ba88a
> > 2004-09-25 12:20:07: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
new phase 2 negotiation: 192.168.3.1[0]<=>192.168.3.3[0]
> > 2004-09-25 12:20:07: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec
failed send update (No buffer space available)
> > 2004-09-25 12:20:07: ERROR: isakmp_quick.c:1615:quick_r3prep(): pfkey
update failed.
> > 2004-09-25 12:20:07: ERROR: isakmp.c:750:quick_main(): failed to process
packet.
> > 2004-09-25 12:20:07: ERROR: isakmp.c:541:isakmp_main(): phase2
negotiation failed.
>
> Look into the "Ipsec broken in 5.3" or something like this a few
> hours ago.
>
> A temporary workaround is to set MSIZE=512 in your kernel config.
>
> Arne