From: "Igor"
Delivered-To: freebsd-security@freebsd.org
Subject: racoon problem
Date: Tue, 10 Oct 2000 20:03:21 +0400
Message-ID: <00b301c032d3$9cd97880$1aa7dac3@krovatka.ru>

I configure ipsec and racoon

#ipsec.conf
spdadd 1.1.1.1 2.2.2.2 any -P out ipsec
        esp/transport/1.1.1.1-2.2.2.2/require ;
spdadd 2.2.2.2 1.1.1.1 any -P in ipsec
        esp/transport/2.2.2.2-1.1.1.1/require ;

setkey -f ipsec.conf

#racoon.conf
path pre_shared_key "psk" ;
log debug4;
remote anonymous
{
        exchange_mode aggressive,main,base;
        identifier address;
        proposal_check obey;
        lifetime time 24 hour ; # sec,min,hour
        lifetime byte 100 MB ;  # B,KB,GB
        # phase 1 proposal (for ISAKMP SA)
        proposal {
                encryption_algorithm des ;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2;
        }
}
# phase 2 proposal (for IPsec SA)
sainfo anonymous
{
        pfs_group 2;
        lifetime time 12 hour ;
        lifetime byte 50 MB ;
        encryption_algorithm des ;
        authentication_algorithm hmac_md5, hmac_sha1 ;
        compression_algorithm deflate ;
}

racoon -f racoon.conf

#psk
1.1.1.1         12345678
2.2.2.2         12345678

on phase 2
00-10-04 16:22:05: pfkey.c:193:pfkey_handler(): get pfkey ADD message
2000-10-04 16:22:05: pfkey.c:209:pfkey_handler(): pfkey ADD failed Invalid argument

I think the password for crypt packets at this time must be established.
What is wrong?