Date:      Fri, 6 Sep 2002 13:26:50 -0600
From:      Tillman Hodgson <tillman@seekingfire.com>
To:        Mike Tancsa <mike@sentex.net>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPSEC & routing w/o gif
Message-ID:  <20020906132649.A15029@seekingfire.com>
In-Reply-To: <20020905232857.C13151@seekingfire.com>; from tillman@seekingfire.com on Thu, Sep 05, 2002 at 11:28:57PM -0600
References:  <vq9gnu0qk29fjk0un4tne8vku57f33vmh2@4ax.com> <mailman.1031178127.4718.fquestions-l@lists.sentex.ca> <vq9gnu0qk29fjk0un4tne8vku57f33vmh2@4ax.com> <20020905225049.A13151@seekingfire.com> <5.1.0.14.0.20020906010034.03d89220@192.168.0.12> <20020905232857.C13151@seekingfire.com>

On Thu, Sep 05, 2002 at 11:28:57PM -0600, Tillman Hodgson wrote:
> On Fri, Sep 06, 2002 at 01:04:51AM -0400, Mike Tancsa wrote:
> > Have a look at the racoon.conf options, there might be a setting there I 
> > think.  But you might want to post the question and your config to the KAME 
> > list.  But I do remember reading about this on the LINUX FreeSwan page, so 
> > it might be some LINUX issue.  When the tunnel goes stale like that, what 
> > does setkey -D show ?
> 
> It looks like this:
> 
> [root@coyote root]# setkey -D
> 24.72.10.212 24.72.31.206
>         esp mode=tunnel spi=1426857889(0x550c1fa1) reqid=0(0x00000000)
>         E: 3des-cbc  4f4e94e4 4732f5e3 ba9e7caa 67077d31 b2789394 83558afd
>         A: hmac-md5  7bec6d6e 85cca86b 2aaae570 7e5e2db2
>         seq=0x00000002 replay=4 flags=0x00000000 state=mature
>         created: Sep  5 23:11:44 2002   current: Sep  5 23:22:06 2002
>         diff: 622(s)    hard: 1800(s)   soft: 1440(s)
>         last: Sep  5 23:22:02 2002      hard: 0(s)      soft: 0(s)
>         current: 272(bytes)     hard: 0(bytes)  soft: 0(bytes)
>         allocated: 2    hard: 0 soft: 0
>         sadb_seq=1 pid=75928 refcnt=2
> 24.72.31.206 24.72.10.212
>         esp mode=tunnel spi=240298505(0x0e52aa09) reqid=0(0x00000000)
>         E: 3des-cbc  70535711 3c3cf319 9f950f62 f3722dd6 58041014 8127e8bf
>         A: hmac-md5  61caa1b4 4322665c fa29b556 78deaf4d
>         seq=0x00000000 replay=4 flags=0x00000000 state=mature
>         created: Sep  5 23:11:44 2002   current: Sep  5 23:22:06 2002
>         diff: 622(s)    hard: 1800(s)   soft: 1440(s)
>         last:                           hard: 0(s)      soft: 0(s)
>         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
>         allocated: 0    hard: 0 soft: 0
>         sadb_seq=0 pid=75928 refcnt=1
> 
> Oddly, when it's working, I seem to recall that there's *four* entries.
> I'll have to check that in the morning when I can poke the fellow
> running the other end to initiate some traffic :-)

And now I've got those four entries to show:

[root@coyote racoon]# setkey -D
24.72.10.212 24.72.31.206
        esp mode=tunnel spi=1397418402(0x534ae9a2) reqid=0(0x00000000)
        E: 3des-cbc  65a00b32 cd42f461 11de1d80 1f6d9d50 e4cd3cc7 560ac18d
        A: hmac-md5  dfebdc30 e8b3bea8 b2ff9c51 8c20b32d
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: Sep  6 13:20:26 2002   current: Sep  6 13:23:37 2002
        diff: 191(s)    hard: 1800(s)   soft: 1440(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=3 pid=81547 refcnt=1
24.72.10.212 24.72.31.206
        esp mode=tunnel spi=1397418403(0x534ae9a3) reqid=0(0x00000000)
        E: 3des-cbc  76f68dcd c222d443 a64fbf64 ca3544cb 012547ca cc4971c2
        A: hmac-sha1  a5fc8187 fd1ae40c 01005514 a2f9a8c4 135703af
        seq=0x00000049 replay=4 flags=0x00000000 state=mature
        created: Sep  6 13:20:25 2002   current: Sep  6 13:23:37 2002
        diff: 192(s)    hard: 360000(s) soft: 288000(s)
        last: Sep  6 13:21:39 2002      hard: 0(s)      soft: 0(s)
        current: 9928(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 73   hard: 0 soft: 0
        sadb_seq=2 pid=81547 refcnt=2
24.72.31.206 24.72.10.212
        esp mode=tunnel spi=252304984(0x0f09de58) reqid=0(0x00000000)
        E: 3des-cbc  61864f7a 10defe4e 7f1820db f96a4f89 d7351f32 1ee67998
        A: hmac-md5  21b12231 e4651742 ed236562 14f75830
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: Sep  6 13:20:26 2002   current: Sep  6 13:23:37 2002
        diff: 191(s)    hard: 1800(s)   soft: 1440(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=1 pid=81547 refcnt=1
24.72.31.206 24.72.10.212
        esp mode=tunnel spi=130393606(0x07c5a606) reqid=0(0x00000000)
        E: 3des-cbc  298ebc7a 58f18325 e8f4fa3c b6cb5512 94cb8dca 436b7ee4
        A: hmac-sha1  0740f3b6 8296606d 6f9ae9df 56239db5 c5f392fb
        seq=0x0000000b replay=4 flags=0x00000000 state=mature
        created: Sep  6 13:20:25 2002   current: Sep  6 13:23:37 2002
        diff: 192(s)    hard: 360000(s) soft: 288000(s)
        last: Sep  6 13:21:39 2002      hard: 0(s)      soft: 0(s)
        current: 924(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 11   hard: 0 soft: 0
        sadb_seq=0 pid=81547 refcnt=1


Right around the time that my connection goes stale, I get this:

2002-09-06 13:05:42: INFO: isakmp.c:1513:isakmp_ph1expire(): ISAKMP-SA expired 24.72.10.212[500]-24.72.31.206[500] spi:cd30d5a5da6a70d0:e8f9170a412ffe57
2002-09-06 13:05:43: INFO: isakmp.c:1561:isakmp_ph1delete(): ISAKMP-SA deleted 24.72.10.212[500]-24.72.31.206[500] spi:cd30d5a5da6a70d0:e8f9170a412ffe57
2002-09-06 13:05:43: ERROR: isakmp.c:463:isakmp_main(): unknown Informational exchange received.
2002-09-06 13:06:33: INFO: isakmp.c:1597:isakmp_ph2expire(): phase2 sa expired 24.72.10.212-24.72.31.206
2002-09-06 13:06:34: ERROR: isakmp.c:463:isakmp_main(): unknown Informational exchange received.
2002-09-06 13:06:34: INFO: isakmp.c:1628:isakmp_ph2delete(): phase2 sa deleted 24.72.10.212-24.72.31.206


Thanks muchly for your help,

- Tillman

-- 
Learning isn't a means to an end; it is an end in itself.
	Robert Heinlein
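A small parser for the setkey -D layout shown above, added here as an example and not code from this thread or from KAME. It walks a constructed two-SA snapshot that mirrors the stale state quoted earlier (real keys omitted), reads each SA's age against its soft/hard lifetimes and its byte counter, and flags directions that have carried no traffic at all, which is what separates the two-entry stale state from the four-entry working one.

```python
import re  # the SAMPLE below is constructed in the setkey -D layout; key material omitted
SAMPLE = """\
24.72.10.212 24.72.31.206
        esp mode=tunnel spi=1426857889(0x550c1fa1) reqid=0(0x00000000)
        seq=0x00000002 replay=4 flags=0x00000000 state=mature
        diff: 1500(s)   hard: 1800(s)   soft: 1440(s)
        current: 272(bytes)     hard: 0(bytes)  soft: 0(bytes)
24.72.31.206 24.72.10.212
        esp mode=tunnel spi=240298505(0x0e52aa09) reqid=0(0x00000000)
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        diff: 622(s)    hard: 1800(s)   soft: 1440(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
"""
HEADER = re.compile(r"^(\S+) (\S+)$")  # an unindented "src dst" line opens each SA
KV = re.compile(r"(\w+)=(\S+)")        # mode=tunnel spi=... state=mature

def parse_setkey(text):  # -> list of dicts: src, dst, spi, state, age/hard/soft (s), bytes
    sas, sa = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            sas.append(sa := {"src": m.group(1), "dst": m.group(2), "bytes": 0})
            continue
        s = line.strip()
        if sa is None or not s:
            continue
        if s.startswith(("esp ", "ah ", "seq=")):  # key=value fields on these two lines
            sa.update(KV.findall(s))
        elif s.startswith("diff:"):  # lifetime line: age, hard and soft limits in seconds
            sa["age"], sa["hard"], sa["soft"] = map(int, re.findall(r"(\d+)\(s\)", s))
        elif s.startswith("current:") and "(bytes)" in s:  # byte counter line
            sa["bytes"] = int(re.match(r"current: (\d+)\(bytes\)", s).group(1))
    return sas

def assess(sa):  # notes on one SA relative to its negotiated lifetimes
    notes = []
    if sa["age"] >= sa["hard"]:
        notes.append("past hard lifetime")
    elif sa["age"] >= sa["soft"]:
        notes.append("past soft lifetime, rekey should be under way")
    if sa["bytes"] == 0:
        notes.append("no traffic yet")
    return notes

def stale_directions(sas):  # (src, dst) pairs for which no SA has carried any bytes
    seen = {}
    for sa in sas:
        key = (sa["src"], sa["dst"])
        seen[key] = seen.get(key, 0) + sa["bytes"]
    return sorted(k for k, b in seen.items() if b == 0)
```

Feed it `setkey -D` output captured while the tunnel is healthy and again once it has gone stale; a direction that only appears in `stale_directions` after the racoon phase 1 expiry is the one whose SA was deleted and never renegotiated.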
