Date:      Thu, 31 Oct 2002 18:44:29 +0800
From:      suken woo <wsk@mail.gddsn.org.cn>
To:        freebsd-security@freebsd.org, freebsd-questions <freebsd-questions@freebsd.org>, freebsd-stable@freebsd.org
Subject:   why my kernel log always said: /kernel: IPv4 ESP input: no key association found for spi xxxxxx
Message-ID:  <3DC1098D.3060704@mail.gddsn.org.cn>

Running racoon & IPsec on my FBSD 4.6-STABLE. The kernel log always says:
/kernel: IPv4 ESP input: no key association found for spi
And the worse problem is that sometimes my box cannot connect to the other peers for a long time before restarting racoon. Especially, if two peers restart racoon at the same time, it would connect soon? What's the problem?
Any help is appreciated.
PS: here's my racoon.conf

log notify;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

listen{
    isakmp xxx.xxx.xxx.xxx [500];
}

remote anonymous
{
    #exchange_mode main,aggressive;
    exchange_mode aggressive,main;
    doi ipsec_doi;
    situation identity_only;
    nonce_size 16;
    lifetime time 2 hour;    # sec,min,hour
    initial_contact on;
    support_mip6 on;
    proposal_check obey;    # obey, strict or claim

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}

sainfo anonymous
{
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des ;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate ;
}

