From owner-freebsd-current@FreeBSD.ORG  Sat Sep 11 23:35:24 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BF98016A4CE
	for <freebsd-current@freebsd.org>;
	Sat, 11 Sep 2004 23:35:24 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.186])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 071B843D1F
	for <freebsd-current@freebsd.org>;
	Sat, 11 Sep 2004 23:35:15 +0000 (GMT)
	(envelope-from gwk@rahn-koltermann.de)
Received: from [212.227.126.205] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1C6HOj-0001v5-00
	for freebsd-current@freebsd.org; Sun, 12 Sep 2004 01:35:13 +0200
Received: from [217.232.140.192] (helo=[192.168.0.3])
	by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1)
	id 1C6HOj-00017a-00
	for freebsd-current@freebsd.org; Sun, 12 Sep 2004 01:35:13 +0200
From: "Georg-W. Koltermann" <gwk@rahn-koltermann.de>
To: freebsd-current@freebsd.org
Content-Type: text/plain
Message-Id: <1094945709.15216.4.camel@localhost.muc.eu.mscsoftware.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Sun, 12 Sep 2004 01:35:09 +0200
Content-Transfer-Encoding: 7bit
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:90bcaad5e51ecc993b2919ba4b74e6dc
Subject: [5.3-BETA3] no IPSEC connection to 5.2.1 box
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Sep 2004 23:35:24 -0000

Hi,

I don't get my IPSEC connection to run. This system is 5.3-BETA3, the
other system is 5.2.1.  Both use FAST_IPSEC.  Keys are negotiated by
racoon.

This system logs:

        Sep 12 01:28:43 hunter racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
        Sep 12 01:28:43 hunter racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
        Sep 12 01:28:43 hunter racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
        Sep 12 01:28:43 hunter racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 10.0.0.3[500]-10.0.0.2[500] spi:089d678f545f30a1:b029dca9f1b19b03
        Sep 12 01:28:44 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:29:17 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:30:07 hunter last message repeated 2 times
        Sep 12 01:30:23 hunter named[369]: Err/TO getting serial# for "0.168.192.IN-ADDR.ARPA"
        Sep 12 01:30:29 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:30:29 hunter racoon: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update (No buffer space available)
        Sep 12 01:30:29 hunter racoon: ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
        Sep 12 01:30:29 hunter racoon: ERROR: isakmp.c:750:quick_main(): failed to process packet.
        Sep 12 01:30:29 hunter racoon: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation failed.
        Sep 12 01:30:57 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]
        Sep 12 01:31:21 hunter racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.2[0]

The other system logs:

        Sep 12 01:29:37 bat racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 10.0.0.2[0]<=>10.0.0.3[0]
        Sep 12 01:29:37 bat racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.3->10.0.0.2 spi=265528800(0xfd3a5e0)
        Sep 12 01:29:37 bat racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.2->10.0.0.3 spi=41763698(0x27d4372)
        Sep 12 01:30:10 bat racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 10.0.0.2[0]<=>10.0.0.3[0]
        Sep 12 01:30:10 bat racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.3->10.0.0.2 spi=26763127(0x1985f77)
        Sep 12 01:30:10 bat racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.2->10.0.0.3 spi=205325487(0xc3d04af)

I should also mention that my ports (i.e. racoon) are still the binaries
from 5.2.1 (mounted from the old partition due to space constraints).

Do I need to recompile racoon for 5.3?

--
Regards,
Georg.