Date: Tue, 17 May 2005 07:47:33 -0400 From: Mike Tancsa <mike@sentex.net> To: Daren Russell <darenr@end-design.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: IPSec and Racoon between 5.4 and 4.11 Message-ID: <t7mj815s2oh8gtpil1ul8h55k4slj97lsc@4ax.com> In-Reply-To: <d6ca7k$58s$1@sea.gmane.org> References: <d6a1fg$pf1$1@sea.gmane.org> <23gi81pattnnan1rlv8uc0dva1ken5r8cj@4ax.com> <d6ca7k$58s$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 17 May 2005 09:33:40 +0100, in sentex.lists.freebsd.questions you wrote: >A basic tunnel (without any encryption) works fine. As soon as >ipsec_enable is set in rc.conf, it fails. > >setkey -D shows No SAD entries. > >If I start a ping from 192.168.1.254 -> 192.168.0.254, the receiving >machine get's an 'Invalid length of payload' error, whilst the sending >machine is getting an 'phase 2 negotiation failed due to time up waiting >for phase1. ESP 62.x.x.125->82.x.x.141' (The ip's shown are what they >should be.) I can probably transfer entire parts of the log files if >required, but at the moment, both machines are isolated. > >A further point I've discovered having left them running for a while, is >the racoon on the AMD64 keeps crashing and dumping core (although I >don't know what to do with that!). Maybe there is an issue with racoon >on 64bit? Maybe I should try re-installing with a standard i386 arch. >(Last ditch!) Yes, I would try and see if moving to i386 fixes the problem. Assuming you do have all the configs correct, there is no reason why it should not work. > >Both racoon's are 'racoon-2005-0510a' BTW. I have only just started using this version last weekend so I am not sure how good it is, but I suspect its the AMD64 thats at issue if all your configs are indeed correct. ---Mike -------------------------------------------------------- Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 mike@sentex.net, (http://www.tancsa.com)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?t7mj815s2oh8gtpil1ul8h55k4slj97lsc>