[Bug 222065] security/ipsec-tools: racoon initiates phase 1 to wrong port
bugzilla-noreply at freebsd.org
Tue Sep 5 10:10:44 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222065
Bug ID: 222065
Summary: security/ipsec-tools: racoon initiates phase 1 to wrong port
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: vanhu at FreeBSD.org
Reporter: aragon at phat.za.net
Flags: maintainer-feedback?(vanhu at FreeBSD.org)
FreeBSD 11.1-RELEASE
ipsec-tools 0.8.2_2
My SPD:
# setkey -DP
1.2.3.4[1701] 0.0.0.0/0[any] udp
	in ipsec
	esp/transport//require
	spid=25 seq=1 pid=32733 scope=global
	refcnt=1
0.0.0.0/0[any] 1.2.3.4[1701] udp
	out ipsec
	esp/transport//require
	spid=26 seq=0 pid=32733 scope=global
	refcnt=1
When I send outbound traffic to 1.2.3.4 UDP port 1701, racoon is notified, but
attempts to initiate phase 1 to UDP port 1701!
Sep 5 12:06:09 <daemon.info> roo racoon: INFO: IPsec-SA request for 1.2.3.4 queued due to no phase1 found.
Sep 5 12:06:09 <daemon.info> roo racoon: INFO: initiate new phase 1 negotiation: 197.215.183.141[500]<=>1.2.3.4[1701]
Sep 5 12:06:09 <daemon.info> roo racoon: INFO: begin Aggressive mode.
Sep 5 12:06:41 <daemon.info> roo racoon: [1.2.3.4] ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 1.2.3.4[1701]->197.215.183.141[0]
Sep 5 12:06:41 <daemon.info> roo racoon: INFO: delete phase 2 handler.
Sep 5 12:06:59 <daemon.info> roo racoon: ERROR: phase1 negotiation failed due to time up. 189c35dfee4f4eac:0000000000000000
If I remove the port specifier from my SPD, then racoon behaves normally (uses
port 500).
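Added example (not part of the original report and not ipsec-tools code): a log check that flags racoon phase 1 initiations aimed at a non-IKE port and notes whether that port matches a port pinned in an SPD selector, as in the report above. The function names, the IKE_PORTS set (500 plus NAT-T 4500) and the one contrasting "healthy" log line are assumptions made for illustration.

```python
import re

IKE_PORTS = {500, 4500}  # IKE and NAT-T; assumed here to be the only valid phase 1 ports
PHASE1_RE = re.compile(r"initiate new phase 1 negotiation: "
                       r"([^\s\[]+)\[(\d+)\]<=>([^\s\[]+)\[(\d+)\]")
# addr[/prefixlen][port] selectors as printed by `setkey -DP`
SELECTOR_RE = re.compile(r"([0-9A-Fa-f.:]+)(?:/\d+)?\[(\d+|any)\]")


def spd_pinned_ports(setkey_dp_output):
    """Return {(addr, port)} for every SPD selector that names a port."""
    return {(addr, int(port))
            for addr, port in SELECTOR_RE.findall(setkey_dp_output)
            if port != "any"}


def misdirected_phase1(log_lines, setkey_dp_output=""):
    """Report phase 1 initiations whose remote port is not an IKE port."""
    pinned = spd_pinned_ports(setkey_dp_output)
    findings = []
    for line in log_lines:
        m = PHASE1_RE.search(line)
        if not m:
            continue
        remote, rport = m.group(3), int(m.group(4))
        if rport not in IKE_PORTS:
            findings.append({"local": f"{m.group(1)}[{m.group(2)}]",
                             "remote": remote, "remote_port": rport,
                             "matches_spd_selector": (remote, rport) in pinned})
    return findings


# SPD entry and first two log lines are taken from the report (unwrapped).
SPD = """1.2.3.4[1701] 0.0.0.0/0[any] udp
\tin ipsec
\tesp/transport//require
"""
LOG = [
    "Sep 5 12:06:09 <daemon.info> roo racoon: INFO: initiate new phase 1 "
    "negotiation: 197.215.183.141[500]<=>1.2.3.4[1701]",
    "Sep 5 12:06:09 <daemon.info> roo racoon: INFO: begin Aggressive mode.",
    # Constructed healthy line for contrast (192.0.2.10 is a documentation address).
    "Sep 5 12:07:00 <daemon.info> roo racoon: INFO: initiate new phase 1 "
    "negotiation: 197.215.183.141[500]<=>192.0.2.10[500]",
]

if __name__ == "__main__":
    for finding in misdirected_phase1(LOG, SPD):
        print(finding)
```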