List: ipsec-tools-devel
Subject: Re: [Ipsec-tools-devel] what is wrong with my conf ?
From: Daniel Chojecki <daniel.chojecki () gmail ! com>
Date: 2008-02-11 11:11:25
Message-ID: 47B02D5D.6090200 () gmail ! com
VANHULLEBUS Yvan wrote:
> Can you test again, with ipsec-tools-0.7-beta2+new kernel and/or with
> ipsec-tools-0.7+old kernel ?
I have checked with old kernel and ipsec-tools - the same.
In the meantime I have installed the latest 2.6.24.2 kernel.
I have found something strange in the logs:
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: @(#)This product linked OpenSSL 0.9.8d 28 Sep 2006 (http://www.openssl.org/)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: Reading configuration from "/usr/local/etc/racoon.conf"
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: Resize address pool from 0 to 255
Feb 11 12:02:12 ipsecgw-node1 racoon: NOTIFY: NAT-T is enabled, autoconfiguring ports
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 127.0.0.1[500] used for NAT-T
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 127.0.0.1[4500] used as isakmp port (fd=8)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 127.0.0.1[4500] used for NAT-T
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: xxx.xxx.xxx.xxx[500] used as isakmp port (fd=9)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: xxx.xxx.xxx.xxx[500] used for NAT-T
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: xxx.xxx.xxx.xxx[4500] used as isakmp port (fd=10)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: xxx.xxx.xxx.xxx[4500] used for NAT-T
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 10.10.51.31[500] used as isakmp port (fd=11)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 10.10.51.31[500] used for NAT-T
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 10.10.51.31[4500] used as isakmp port (fd=12)
Feb 11 12:02:12 ipsecgw-node1 racoon: INFO: 10.10.51.31[4500] used for NAT-T
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: respond new phase 1 negotiation: xxx.xxx.xxx.xxx[500]<=>77.112.75.7[500]
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: begin Identity Protection mode.
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: received Vendor ID: RFC 3947
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: received Vendor ID: DPD
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: received Vendor ID: CISCO-UNITY
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Selected NAT-T version: RFC 3947
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Adding xauth VID payload.
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Hashing xxx.xxx.xxx.xxx[500] with algo #1
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: NAT-D payload #0 verified
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Hashing 77.112.75.7[500] with algo #1
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: NAT-D payload #1 verified
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: NAT not detected
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Hashing 77.112.75.7[500] with algo #1
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Hashing xxx.xxx.xxx.xxx[500] with algo #1
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Adding remote and local NAT-D payloads.
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: NAT-T: ports changed to: 77.112.75.7[4500]<->xxx.xxx.xxx.xxx[4500]
Feb 11 12:02:20 ipsecgw-node1 racoon: WARNING: No ID match.
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: No SIG was passed, but hybrid auth is enabled
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: Sending Xauth request
Feb 11 12:02:20 ipsecgw-node1 racoon: INFO: ISAKMP-SA established xxx.xxx.xxx.xxx[4500]-77.112.75.7[4500] spi:efde654ae2b59094:204399046e28df30
Feb 11 12:02:21 ipsecgw-node1 racoon: INFO: Using port 0
Feb 11 12:02:21 ipsecgw-node1 racoon: INFO: ldap returned modecfg address 10.10.52.2
Feb 11 12:02:21 ipsecgw-node1 racoon: INFO: ldap returned modecfg netmask 255.255.255.0
Feb 11 12:02:21 ipsecgw-node1 racoon: INFO: attempting ldap bind for dn 'uid=boka,ou=Users,dc=DOM,dc=PL'
Feb 11 12:02:21 ipsecgw-node1 racoon: INFO: login succeeded for user "boka"
Feb 11 12:02:31 ipsecgw-node1 racoon: INFO: respond new phase 2 negotiation: xxx.xxx.xxx.xxx[4500]<=>77.112.75.7[4500]
Feb 11 12:02:31 ipsecgw-node1 racoon: INFO: no policy found, try to generate the policy : 10.10.52.2/32[0] 10.10.0.0/16[0] proto=any dir=in
Feb 11 12:02:31 ipsecgw-node1 racoon: INFO: IPsec-SA established: ESP/Tunnel 77.112.75.7[0]->xxx.xxx.xxx.xxx[0] spi=143322318(0x88aecce)
Feb 11 12:02:31 ipsecgw-node1 racoon: INFO: IPsec-SA established: ESP/Tunnel xxx.xxx.xxx.xxx[4500]->77.112.75.7[4500] spi=3103342626(0xb8f94022)
Feb 11 12:02:31 ipsecgw-node1 racoon: ERROR: pfkey X_SPDUPDATE failed: Invalid argument
Feb 11 12:02:31 ipsecgw-node1 racoon: ERROR: pfkey X_SPDUPDATE failed: Invalid argument
Is it right?
Best Regards
Daniel