Date: Wed, 24 Sep 2003 15:41:35 -0500
From: Eric Humphries <efk@bitstream.net>
To: freebsd-questions@freebsd.org
Cc: efk@bitstream.net
Subject: racoon/tunnel problems
Message-ID: <20030924204135.GA15196@bitstream.net>
I've attempted to set up a VPN between two of my FreeBSD boxes, and while everything appeared to go fine, something I've done just isn't working. I'm looking for an ESP/tunnel so I can connect my home network to my work network. Here is all the (I think) relevant information:

http://marley.bitstream.net/~hump/racoonwoes.txt

If you need more info, let me know; however, I'm stuck.

Both machines are FreeBSD 5.1 RELEASE boxes, with a fresh copy of racoon built last night from current ports. When I try to ping the local address on the other host I get "No Route To Host" errors.

I put the remote host in the foreground with "racoon -F -v -f /path/to/config/racoon.conf" so I can watch what's going on.

Foreground mode.
2003-09-24 14:53:09: INFO: main.c:172:main(): @(#)package version freebsd-20030711a
2003-09-24 14:53:09: INFO: main.c:174:main(): @(#)internal version 20001216 sakane@kame.net
2003-09-24 14:53:09: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7b 10 Apr 2003 (http://www.openssl.org/)
2003-09-24 14:53:09: INFO: isakmp.c:1358:isakmp_open(): 10.10.10.1[500] used as isakmp port (fd=5)
2003-09-24 14:53:09: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2003-09-24 14:53:09: INFO: isakmp.c:1358:isakmp_open(): 1.2.3.136[500] used as isakmp port (fd=7)

So far so good, now I'll try pinging the remote IP address. Locally:

eric# ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 10.10.10.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

And racoon on the remote host displays the following when I start the ping:

2003-09-24 14:53:56: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond new phase 1 negotiation: 1.2.3.136[500]<=>5.6.7.34[500]
2003-09-24 14:53:56: INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Aggressive mode.
2003-09-24 14:53:56: NOTIFY: oakley.c:2040:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
2003-09-24 14:53:57: INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 1.2.3.136[500]-5.6.7.34[500] spi:0bd222feeabce882:e023df163786922d
2003-09-24 14:53:57: INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 1,2,3.136[0]<=>5.6.7.34[0]
2003-09-24 14:53:57: INFO: pfkey.c:1134:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 5.6.7.34->1.2.3.136 spi=127877288(0x79f40a8)
2003-09-24 14:53:57: INFO: pfkey.c:1357:pk_recvadd(): IPsec-SA established: ESP/Tunnel 1.2.3.136->5.6.7.34 spi=262084508(0xf9f179c)

When I stop everything, it then cleans up after itself:

2003-09-24 14:55:34: INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 1.2.3.136[0]<=>5.6.7.34[0]
2003-09-24 14:55:35: INFO: pfkey.c:1134:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 5.6.7.34->1.2.3.136 spi=259247885(0xf73cf0d)
2003-09-24 14:55:35: INFO: pfkey.c:1357:pk_recvadd(): IPsec-SA established: ESP/Tunnel 1,2,3.136->5.6.7.34 spi=101275198(0x609563e)
2003-09-24 14:55:57: INFO: isakmp.c:1516:isakmp_ph1expire(): ISAKMP-SA expired 1.2.3.136[500]-5.6.7.34[500] spi:0bd222feeabce882:e023df163786922d
2003-09-24 14:55:57: INFO: isakmp.c:1600:isakmp_ph2expire(): phase2 sa expired 1.2.3.136-5.6.7.34
2003-09-24 14:55:58: INFO: isakmp.c:1564:isakmp_ph1delete(): ISAKMP-SA deleted 1.2.3.136[500]-5.6.7.34[500] spi:0bd222feeabce882:e023df163786922d
2003-09-24 14:55:58: INFO: isakmp.c:1631:isakmp_ph2delete(): phase2 sa deleted 1.2.3.136-5.6.7.34

I know there is something I'm missing. I've yet to have a working VPN with racoon (which is probably obvious), but it's hard to dig in further when it doesn't work. ;)

If you're having formatting problems with my email, go here:

http://marley.bitstream.net/~hump/freebsd-questions.txt

for an online web copy that you can view in your browser.

HOSTa uname -a:
FreeBSD maryj.somedomain.net 5.1-RELEASE-p3 FreeBSD 5.1-RELEASE-p3 #0: Tue Sep 23 22:30:39 CDT 2003 efk@maryj.somedomain.net:/usr/src/sys/i386/compile/VPN2 i386

HOSTb uname -a:
FreeBSD eric.someotherdomain.net 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Wed Sep 24 00:29:20 CDT 2003 efk@eric.someotherdomain.net:/usr/src/sys/i386/compile/VPN i386

Thanks in advance,
Eric
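The racoon output quoted above is the usual place a reader starts when a KAME IPsec tunnel "looks fine but doesn't pass traffic": it shows the IKE side (phase 1, then one ESP tunnel-mode SA in each direction) coming up, and it says nothing about the kernel's security policy database or routing table, which decide whether a packet to 10.10.10.1 is ever handed to the tunnel at all. The parser below is an added example, not Eric's code and not part of racoon; it reads racoon's foreground log format as quoted in the post and reports which SAs were installed, whether both directions exist between the two gateways, and whether any NOTIFY-level message appeared. The sample log is constructed from the lines in the post (same anonymised addresses and SPIs), and the regular expressions are assumptions about the format of that one racoon version, nothing more.

```python
"""Summarise racoon (KAME IKE daemon) foreground log: which IKE/IPsec SAs came up."""
import re

# Constructed sample, modelled on the racoon output quoted in the post.
# Addresses and SPIs are the post's anonymised values, not a live capture.
SAMPLE_LOG = """\
2003-09-24 14:53:56: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond new phase 1 negotiation: 1.2.3.136[500]<=>5.6.7.34[500]
2003-09-24 14:53:56: INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Aggressive mode.
2003-09-24 14:53:56: NOTIFY: oakley.c:2040:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
2003-09-24 14:53:57: INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 1.2.3.136[500]-5.6.7.34[500] spi:0bd222feeabce882:e023df163786922d
2003-09-24 14:53:57: INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 1.2.3.136[0]<=>5.6.7.34[0]
2003-09-24 14:53:57: INFO: pfkey.c:1134:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 5.6.7.34->1.2.3.136 spi=127877288(0x79f40a8)
2003-09-24 14:53:57: INFO: pfkey.c:1357:pk_recvadd(): IPsec-SA established: ESP/Tunnel 1.2.3.136->5.6.7.34 spi=262084508(0xf9f179c)
2003-09-24 14:55:57: INFO: isakmp.c:1516:isakmp_ph1expire(): ISAKMP-SA expired 1.2.3.136[500]-5.6.7.34[500] spi:0bd222feeabce882:e023df163786922d
2003-09-24 14:55:58: INFO: isakmp.c:1631:isakmp_ph2delete(): phase2 sa deleted 1.2.3.136-5.6.7.34
"""

# Assumed layout of one racoon log line: "<date> <time>: <LEVEL>: <file>:<line>:<func>(): <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (?P<level>[A-Z]+): "
    r"(?P<where>[^:]+:\d+:[^:]+): (?P<msg>.*)$")
# "IPsec-SA established: ESP/Tunnel 5.6.7.34->1.2.3.136 spi=127877288(0x79f40a8)"
IPSEC_SA_RE = re.compile(
    r"IPsec-SA established: (?P<proto>[A-Z]+)/(?P<mode>[A-Za-z]+) "
    r"(?P<src>[0-9a-fA-F.:]+)->(?P<dst>[0-9a-fA-F.:]+) spi=(?P<spi>\d+)\((?P<hex>0x[0-9a-f]+)\)")
# "ISAKMP-SA established 1.2.3.136[500]-5.6.7.34[500] spi:<icookie>:<rcookie>"
PH1_EST_RE = re.compile(
    r"ISAKMP-SA established (?P<a>[0-9a-fA-F.:]+)\[\d+\]-(?P<b>[0-9a-fA-F.:]+)\[\d+\] "
    r"spi:(?P<cookies>[0-9a-f]+:[0-9a-f]+)")


def parse_racoon_log(text):
    """Walk racoon's foreground log and collect the SA lifecycle events."""
    summary = {
        "phase1_established": [],  # (gateway a, gateway b, ISAKMP cookies)
        "ipsec_sas": [],           # one dict per kernel SA racoon installed
        "notifies": [],            # NOTIFY-level messages worth a second look
        "teardown": [],            # expire/delete messages
        "unparsed": [],            # lines that did not match the assumed format
    }
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            summary["unparsed"].append(line)
            continue
        msg = m.group("msg")
        if m.group("level") == "NOTIFY":
            summary["notifies"].append(msg)
        ph1 = PH1_EST_RE.search(msg)
        if ph1:
            summary["phase1_established"].append(
                (ph1.group("a"), ph1.group("b"), ph1.group("cookies")))
        sa = IPSEC_SA_RE.search(msg)
        if sa:
            summary["ipsec_sas"].append({
                "time": m.group("ts"),
                "proto": sa.group("proto"),
                "mode": sa.group("mode"),
                "src": sa.group("src"),
                "dst": sa.group("dst"),
                "spi": int(sa.group("spi")),
                "spi_hex": sa.group("hex"),  # racoon prints the SPI twice; kept to cross-check
            })
        if " expired " in msg or " deleted " in msg:
            summary["teardown"].append(msg)
    return summary


def tunnel_directions(summary, gw_a, gw_b):
    """Per direction, whether an ESP tunnel-mode SA exists between the two gateways."""
    dirs = {(gw_a, gw_b): False, (gw_b, gw_a): False}
    for sa in summary["ipsec_sas"]:
        key = (sa["src"], sa["dst"])
        if key in dirs and sa["proto"] == "ESP" and sa["mode"] == "Tunnel":
            dirs[key] = True
    return dirs


def ike_negotiation_complete(summary, gw_a, gw_b):
    """Phase 1 done and an ESP SA in each direction: the IKE side is up.

    This says nothing about the kernel SPD or the routing table, which decide
    whether traffic for the far network is ever steered into the tunnel."""
    return bool(summary["phase1_established"]) and all(
        tunnel_directions(summary, gw_a, gw_b).values())


def spi_consistent(summary):
    """Cross-check the decimal and hex SPI racoon prints for each SA."""
    return all(sa["spi"] == int(sa["spi_hex"], 16) for sa in summary["ipsec_sas"])


if __name__ == "__main__":
    s = parse_racoon_log(SAMPLE_LOG)
    for sa in s["ipsec_sas"]:
        print(f'{sa["time"]} {sa["proto"]}/{sa["mode"]} {sa["src"]}->{sa["dst"]} spi={sa["spi_hex"]}')
    print("directions:", tunnel_directions(s, "1.2.3.136", "5.6.7.34"))
    print("IKE complete:", ike_negotiation_complete(s, "1.2.3.136", "5.6.7.34"))
    print("NOTIFY:", s["notifies"])
```

On the post's log the parser reports phase 1 established, both ESP/Tunnel directions present and one NOTIFY about the pre-shared key lookup falling back to the peer's address. When the IKE side is complete like this, the next place to look is the kernel rather than racoon: `setkey -D` lists the SAs the kernel actually holds, `setkey -DP` lists the security policies that select traffic into them, and `netstat -rn` shows whether there is any route for the far side's address at all.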