Package: racoon
Version: 1:0.6.2-2
Followup-For: Bug #341398
I've found that this configuration, which works with 0.6.2-2, doesn't with 0.6.4-1.

This is /etc/ipsec-tools.conf:

flush;
spdflush;
spdadd 192.168.1.250 192.168.1.248 any -P out ipsec esp/transport//require;
spdadd 192.168.1.248 192.168.1.250 any -P in ipsec esp/transport//require;

And /etc/racoon/racoon.conf:

path pre_shared_key "/etc/racoon/psk.txt";

remote 192.168.1.248 {
        exchange_mode main;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo address 192.168.1.250 any address 192.168.1.248 any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

sainfo address 192.168.1.250[500] any address 192.168.1.248[500] any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

(The sainfo for port 500 is needed with racoon 0.6.2-2 in order to be able to negotiate SAs when 192.168.1.250 is the /receiver/ of the network packet triggering the negotiation. I don't know why).

When I install 0.6.4-1 and try to ping 192.168.1.248, I get this in the system log:

## start racoon
Feb 5 01:01:36 genus racoon: INFO: @(#)ipsec-tools 0.6.4 (http://ipsec-tools.sourceforge.net)
Feb 5 01:01:36 genus racoon: INFO: @(#)This product linked OpenSSL 0.9.8a 11 Oct 2005 (http://www.openssl.org/)
Feb 5 01:01:36 genus racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Feb 5 01:01:36 genus racoon: INFO: 127.0.0.1[500] used for NAT-T
Feb 5 01:01:36 genus racoon: INFO: 192.168.1.250[500] used as isakmp port (fd=8)
Feb 5 01:01:36 genus racoon: INFO: 192.168.1.250[500] used for NAT-T
Feb 5 01:01:36 genus racoon: INFO: fe80::208:a1ff:fe11:c96b%eth0[500] used as isakmp port (fd=9)
Feb 5 01:01:36 genus racoon: INFO: ::1[500] used as isakmp port (fd=10)
Feb 5 01:01:36 genus racoon: INFO: fe80::349d:d4ff:fe86:2481%tap0[500] used as isakmp port (fd=11)
Feb 5 01:01:36 genus racoon: INFO: fe80::208:a1ff:fe11:c96b%br0[500] used as isakmp port (fd=12)
## end of start
Feb 5 01:01:58 genus racoon: ERROR: failed to get sainfo.

The message appears immediately and no network traffic is generated (or at least, the output of 'racoon -d' doesn't say so).

My kernel is a vanilla 2.6.14 with minor modifications to the console and keyboard drivers. I don't have libipsec installed.

I don't think this is relevant, but just in case: 192.168.1.248 is actually a UML box. So I have uml-utilities and a bridge.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-hue
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to es_ES.UTF-8)

Versions of packages racoon depends on:
ii  debconf [debconf-2.0]  1.4.68     Debian configuration management sy
ii  ipsec-tools            1:0.6.2-2  IPsec tools for Linux
ii  libc6                  2.3.5-12   GNU C Library: Shared libraries an
ii  libssl0.9.8            0.9.8a-5   SSL shared libraries
ii  perl                   5.8.7-10   Larry Wall's Practical Extraction

racoon recommends no packages.

-- debconf information:
* racoon/config_mode: direct