From: Markus Boström
To: "Freebsd (E-mail)"
Subject: problems with racoon and PGPnet
Date: Mon, 22 Jan 2001 15:25:24 +0100

Hi,

I'm having problems getting my VPNgateway to work with PGPnet. The phase1 seems to get established but then the VPNgw starts ignoring the PGPnet client...

The VPNgateway (named vpngw) is a FreeBSD 4.2 box with the racoon port installed. And the pgpnet client (named Markus) is a NT 4 workstation running PGP 6.5.8. PGPnet is using default settings.

You can find my racoon.conf, racoon.log and a tcpdump of a "connect" at http://213.64.6.188/ipsec/ (it's not vpnfw)

This is a cut from racoon.log:
-----------------
2001-01-22 13:46:21: isakmp.c:2317:log_ph1established(): ISAKMP-SA established vpngw_IP[500]-markus_IP[500] spi:eaa3d6abc672844b:227bdb137fae8be8
2001-01-22 13:46:21: isakmp.c:639:ph1_main(): ===
2001-01-22 13:46:21: isakmp.c:207:isakmp_handler(): ===
eaa3d6ab c672844b 227bdb13 7fae8be8 0b100500 00000000 00000028 0000000c 00000001 0100001e
2001-01-22 13:46:21: isakmp.c:2152:isakmp_printpacket(): begin.
2001-01-22 13:46:21: isakmp_inf.c:112:isakmp_info_recv(): receive Information.
2001-01-22 13:46:21: isakmp_inf.c:143:isakmp_info_recv(): markus_IP ignore, the packet must be encrypted.
-------------------

This is the tcpdump:
--------------------
vpngw# tcpdump host vpngw
tcpdump: listening on dc0
13:46:19.548833 markus.isakmp > vpngw.isakmp: isakmp: phase 1 I ident: [|sa]
13:46:19.617855 vpngw.isakmp > markus.isakmp: isakmp: phase 1 R ident: [|sa]
13:46:19.647084 markus.isakmp > vpngw.isakmp: isakmp: phase 1 I ident: [|ke]
13:46:20.304175 vpngw.isakmp > markus.isakmp: isakmp: phase 1 R ident: [|ke]
13:46:20.348731 markus.isakmp > vpngw.isakmp: isakmp: phase 1 I ident[E]: [|id]
13:46:21.202959 vpngw.isakmp > markus.isakmp: isakmp: phase 1 R ident[E]: [|id]
13:46:21.204935 markus.isakmp > vpngw.isakmp: isakmp: phase 1 I inf: (n: doi=ipsec proto=isakmp type=UNEQUAL-PAYLOAD-LENGTHS)
13:46:21.251088 vpngw.isakmp > markus.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
13:46:36.456984 vpngw.isakmp > markus.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
^C
152 packets received by filter
0 packets dropped by kernel
vpngw#
-------------------------

The PGPnet log:
-------------------------
13:46:21 PM  IKE  vpngw_IP  Unequal Payload Lengths notification sent
13:46:21 PM  Service  vpngw_IP  Unable to establish Security Association with peer
13:46:21 PM  IKE  vpngw_IP  Invalid Exchange notification sent
-------------------------

Any idea what could be causing this? I've tried changing the "dh_group" but only "modp1536" or "5" gets an accepted proposal.

Could anyone send a working (with pgpnet) copy of their racoon.conf?

Thanks
/Markus
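
Added example, not part of the original message and not racoon or PGPnet code: a decoder for the ten hex words in the racoon.log excerpt, using the ISAKMP header and Notification payload layouts from RFC 2408. It shows the packet is an Informational exchange with the encryption flag clear, carrying notify type 30, which lines up with the tcpdump "UNEQUAL-PAYLOAD-LENGTHS" line and the "must be encrypted" log entry. The function and constant names are chosen for this example, and the lookup tables hold only a few code points.

```python
import struct

# Ten hex words copied from the racoon.log excerpt in the message above.
DUMP = ("eaa3d6ab c672844b 227bdb13 7fae8be8 0b100500 "
        "00000000 00000028 0000000c 00000001 0100001e")

# Only the RFC 2408 code points this packet needs (not the full registries).
EXCHANGE = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
NOTIFY = {7: "INVALID-EXCHANGE-TYPE", 14: "NO-PROPOSAL-CHOSEN",
          30: "UNEQUAL-PAYLOAD-LENGTHS"}
PT_NOTIFICATION = 11      # payload type: Notification
FLAG_ENCRYPTION = 0x01    # bit 0 of the header flags octet


def parse_isakmp(raw: bytes) -> dict:
    """Decode the fixed ISAKMP header and, if cleartext, a leading Notification."""
    if len(raw) < 28:
        raise ValueError("truncated ISAKMP header")
    icky, rcky, nxt, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", raw[:28])
    if length != len(raw):
        raise ValueError(f"header length {length} != {len(raw)} bytes captured")
    msg = {
        "icookie": icky.hex(), "rcookie": rcky.hex(),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "exchange": EXCHANGE.get(xchg, str(xchg)),
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "message_id": msgid, "notify": None,
    }
    # Payloads are only readable when the encryption flag is clear.
    if not msg["encrypted"] and nxt == PT_NOTIFICATION:
        if len(raw) < 40:
            raise ValueError("truncated Notification payload")
        _next, _rsvd, plen, doi, proto, spi_size, ntype = struct.unpack(
            "!BBHIBBH", raw[28:40])
        msg["notify"] = {"length": plen, "doi": doi, "protocol_id": proto,
                         "spi_size": spi_size,
                         "type": NOTIFY.get(ntype, str(ntype))}
    return msg


if __name__ == "__main__":
    for key, value in parse_isakmp(bytes.fromhex(DUMP)).items():
        print(f"{key:>10}: {value}")
```

The decoded cookies are the same pair shown as the spi in the "ISAKMP-SA established" log line, so this notify belongs to the phase 1 SA that had just come up.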