From owner-freebsd-security  Mon Nov 26  3:47:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id E046E37B41B
	for <freebsd-security@freebsd.org>; Mon, 26 Nov 2001 03:47:20 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fAQBlDg00838
	for <freebsd-security@freebsd.org>; Mon, 26 Nov 2001 11:47:13 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id LAA24355
	for freebsd-security@freebsd.org; Mon, 26 Nov 2001 11:47:13 GMT
From: freebsd-security-local@insignia.com
To: freebsd-security@freebsd.org
Subject: Re: KAME IPSec <->Redcreek
Date: Mon, 26 Nov 2001 11:47:12 +0000
Message-ID: <gu940u08e8c3196fe8k4fchc4e9o7cuujb@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 22 Nov 2001 15:36:13 +0900, sakane@kame.net (Shoichi Sakane)
wrote:

>> I wonder anyone has had success talking to a RedCreek Ravlin
>> VPN gateway. I have some colleagues who are successfully using
>> freeswan, but I'm having none at all with racoon.
>> 
>> A packet trace shows the initial packet going to port 500 of
>> the Ravlin, but no response. Unfortunately the Ravlin doesn't
>> syslog anything at all in this situation, so it's kind of
>> hard to debug!
>
>did you compare between the ravlin's configuration and racoon's one ?
>if there was a mismatch, the negotiation would fail.  during the phase1
>negotiation, sometime the node would discard siliently.
>
>there is a possibility that the ravlin requires the main mode of IKE.
>but according to your explanation, the packet might not reach the port
>500 of the ravlin because there might be a packet filtering.

Yes, I believe I am using the same settings. I don't think there is
any packet filterin in place. I plan to wait until the latest
snapshot appears in the FreeBSD ports system and try again.

Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message