Package: racoon
Version: 1:0.6.2-2
Followup-For: Bug #341398

I've found that this configuration, which works with 0.6.2-2, doesn't with
0.6.4-1. This is /etc/ipsec-tools.conf:

flush;
spdflush;
spdadd 192.168.1.250 192.168.1.248 any -P out ipsec esp/transport//require;
spdadd 192.168.1.248 192.168.1.250 any -P in  ipsec esp/transport//require;

And /etc/racoon/racoon.conf:

path pre_shared_key "/etc/racoon/psk.txt";
remote 192.168.1.248 {
        exchange_mode main;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
sainfo address 192.168.1.250 any address 192.168.1.248 any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
sainfo address 192.168.1.250[500] any address 192.168.1.248[500] any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

(The sainfo for port 500 is needed with racoon 0.6.2-2 in order to be able
to negotiate SAs when 192.168.1.250 is the /receiver/ of the network packet
triggering the negotiation. I don't know why).

When I install 0.6.4-1 and try to ping 192.168.1.248, I get this in the
system log:

## start racoon
Feb  5 01:01:36 genus racoon: INFO: @(#)ipsec-tools 0.6.4 (http://ipsec-tools.sourceforge.net)
Feb  5 01:01:36 genus racoon: INFO: @(#)This product linked OpenSSL 0.9.8a 11 Oct 2005 (http://www.openssl.org/)
Feb  5 01:01:36 genus racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Feb  5 01:01:36 genus racoon: INFO: 127.0.0.1[500] used for NAT-T
Feb  5 01:01:36 genus racoon: INFO: 192.168.1.250[500] used as isakmp port (fd=8)
Feb  5 01:01:36 genus racoon: INFO: 192.168.1.250[500] used for NAT-T
Feb  5 01:01:36 genus racoon: INFO: fe80::208:a1ff:fe11:c96b%eth0[500] used as isakmp port (fd=9)
Feb  5 01:01:36 genus racoon: INFO: ::1[500] used as isakmp port (fd=10)
Feb  5 01:01:36 genus racoon: INFO: fe80::349d:d4ff:fe86:2481%tap0[500] used as isakmp port (fd=11)
Feb  5 01:01:36 genus racoon: INFO: fe80::208:a1ff:fe11:c96b%br0[500] used as isakmp port (fd=12)
## end of start
Feb  5 01:01:58 genus racoon: ERROR: failed to get sainfo.

The message appears immediately and no network traffic is generated (or at
least, the output of 'racoon -d' doesn't say so).

My kernel is a vanilla 2.6.14 with minor modifications to the console and
keyboard drivers. I don't have libipsec installed.

I don't think this is relevant, but just in case: 192.168.1.248 is actually
a UML box. So I have uml-utilities and a bridge.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-hue
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to es_ES.UTF-8)

Versions of packages racoon depends on:
ii  debconf [debconf-2.0]         1.4.68     Debian configuration management sy
ii  ipsec-tools                   1:0.6.2-2  IPsec tools for Linux
ii  libc6                         2.3.5-12   GNU C Library: Shared libraries an
ii  libssl0.9.8                   0.9.8a-5   SSL shared libraries
ii  perl                          5.8.7-10   Larry Wall's Practical Extraction 

racoon recommends no packages.

-- debconf information:
* racoon/config_mode: direct

