racoon with freebsd-4.11 crashes

priya yelgar yelgar_priya at yahoo.co.in
Wed Dec 7 23:49:57 PST 2005


Hi

Running racoon on a FreeBSD-4.11 machine gives a
kernel panic.

I am using the racoon from the ports directory
'/usr/ports/security/racoon/', which comes with the
FreeBSD installation. It installed racoon in
'/usr/local/sbin/racoon'.

Steps followed are as shown below:

        racoon -f /usr/local/etc/racoon/raccon.conf
        setkey -f ipsec.conf

        ping -c 1 <ip_of_the_other_gw>

A ping of one packet leads to a kernel panic.

To apply the outbound SA to the ping packet, it is
going into "key_checkrequest" in the key.c file and crashing
there.

As far as I know, "key_checkrequest" is used to apply an
existing SA to an outgoing packet.

But in the case of racoon, the first ping packet is used
for negotiation with the other gateway to establish the
SA.

I do not understand why it is going into
key_checkrequest and crashing.

Please, can anyone who has used racoon with FreeBSD-4.11
guide me if I am doing something wrong? The config
file is given below.

I have compiled the kernel with the IPSEC and IPSEC_ESP
options.

I am using a preshared key file.

My configuration file is given below:

#!/usr/local/bin/racoon

# CONFIGURATION FILE FOR 192.168.190.44

path include "/root";

path pre_shared_key "/root/psk.txt";
log debug2;

padding {
	maximum_length 20;
	randomize off;
	strict_check off;
	exclusive_tail off;
}

listen {
	isakmp 192.168.190.43 [500];
}

timer {
	counter 5;
	interval 20 sec;
	persend 1;
	phase1 30 sec;
	phase2 15 sec;
}

remote 192.168.190.43 {
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;

	my_identifier address 192.168.190.44;
	peers_identifier address 192.168.190.43;
	lifetime time 24 hour;
	nonce_size 16;
	initial_contact on;
	proposal_check obey;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 1;
	}
}

sainfo address 192.168.190.44 any address 192.168.190.43 any
{
	pfs_group 1;
	lifetime time 2 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}


Thanks in advance
Priya