Date:      Thu, 16 Jan 2003 16:20:44 -0500 (EST)
From:      Dru <dlavigne6@cogeco.ca>
To:        Andrew Alcheev <buddy@telenet.ru>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPSec tunnel between Windows XP and FreeBSD: racoon can't acts as the initiator
Message-ID:  <20030116161644.Q11885@dhcp-17-14.kico2.on.cogeco.ca>
In-Reply-To: <2413786872.20030114153805@telenet.ru>
References:  <2413786872.20030114153805@telenet.ru>



On Tue, 14 Jan 2003, Andrew Alcheev wrote:

> Hello.
>
> I have set up an IPSec tunnel between FreeBSD 4.7-stable (system
> 18.11.02)/racoon 20021120a and Windows XP Prof.
> FreeBSD acts as a gateway, tunneling connections from Windows to world.
> IPSec encrypts the link between unix and win only.
>
> ipsec.conf:
> spdadd 0.0.0.0/0 192.168.99.10/32 any -P out ipsec
>   esp/tunnel/192.168.99.1-192.168.99.10/require;
> spdadd 192.168.99.10/32 0.0.0.0/0 any -P in ipsec
>   esp/tunnel/192.168.99.10-192.168.99.1/require;
>
>
> While the other side (Windows XP) initiates connections to hosts behind
> the tunnel, all works fine.
>
> If a connection arrives from other hosts before the SA has been
> established, then racoon can't initiate Phase 1.
>
> tcpdump output:
> 15:29:13.408122 192.168.99.1.500 > 192.168.99.10.500: isakmp: phase 1 I agg: [|sa]
> 15:29:13.409117 192.168.99.10.500 > 192.168.99.1.500: isakmp: phase 2/others R inf: [|n]
>
> racoon.log:
> ...
> 2003-01-14 15:29:13: DEBUG: isakmp.c:222:isakmp_handler(): 56 bytes message received from 192.168.99.10[500]
> ...
> 2003-01-14 15:29:13: DEBUG: isakmp.c:346:isakmp_main(): malformed cookie received or the initiator's cookies collide.
> ...
>
> What is wrong?


Hard to tell without a bit more information. Are you using a pre-shared
secret or digital certificates for authentication? Can you send a
sanitized copy of your racoon.conf?

Dru
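
Added example, not part of the original thread and not code from racoon: a small decoder for the fixed ISAKMP header and a cleartext Notification payload (layouts and code points from RFC 2408), useful for reading the cookies, exchange type and notify type of a reply like the 56-byte informational message quoted above. The sample bytes, cookies and notify type are constructed for illustration; the thread does not show the real ones.

```python
import struct

# Field layouts and code points from RFC 2408 (ISAKMP).
HDR = struct.Struct("!8s8sBBBBII")    # cookies, next payload, version, exchange, flags, msg id, length
NOTIFY = struct.Struct("!BBHIBBH")    # next, reserved, length, DOI, protocol id, SPI size, type
EXCHANGES = {1: "base", 2: "identity protection", 3: "authentication only",
             4: "aggressive", 5: "informational"}
NOTIFY_TYPES = {4: "INVALID-COOKIE", 7: "INVALID-EXCHANGE-TYPE", 14: "NO-PROPOSAL-CHOSEN",
                16: "PAYLOAD-MALFORMED", 18: "INVALID-ID-INFORMATION", 24: "AUTHENTICATION-FAILED"}
NP_NOTIFICATION, FLAG_ENCRYPTED = 11, 0x01

def parse_isakmp(msg: bytes) -> dict:
    """Decode the fixed ISAKMP header and, if sent in clear, a leading Notification payload."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    i_ck, r_ck, nxt, ver, etype, flags, msg_id, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError(f"header says {length} bytes, got {len(msg)}")
    out = {"initiator_cookie": i_ck.hex(), "responder_cookie": r_ck.hex(),
           "responder_cookie_zero": r_ck == bytes(8),
           "version": f"{ver >> 4}.{ver & 0xF}",
           "exchange": EXCHANGES.get(etype, f"unknown({etype})"),
           "encrypted": bool(flags & FLAG_ENCRYPTED), "message_id": msg_id, "length": length}
    if nxt == NP_NOTIFICATION and not out["encrypted"]:
        if len(msg) < HDR.size + NOTIFY.size:
            raise ValueError("truncated Notification payload")
        _, _, plen, doi, proto, spi_size, ntype = NOTIFY.unpack_from(msg, HDR.size)
        if plen < NOTIFY.size + spi_size or HDR.size + plen > len(msg):
            raise ValueError("bad Notification payload length")
        spi = msg[HDR.size + NOTIFY.size: HDR.size + NOTIFY.size + spi_size]
        out["notify"] = {"type": NOTIFY_TYPES.get(ntype, f"code {ntype}"), "doi": doi,
                         "protocol_id": proto, "spi": spi.hex()}
    return out

# Constructed 56-byte sample (cookies and notify type are made up, not taken from the thread):
# 28-byte header + 12-byte Notification fixed part + 16-byte SPI (both cookies).
I_CK, R_CK = bytes.fromhex("1122334455667788"), bytes(8)
SAMPLE = (HDR.pack(I_CK, R_CK, NP_NOTIFICATION, 0x10, 5, 0, 0x0A0B0C0D, 56)
          + NOTIFY.pack(0, 0, 28, 1, 1, 16, 14) + I_CK + R_CK)

if __name__ == "__main__":
    for key, value in parse_isakmp(SAMPLE).items():
        print(f"{key:22} {value}")
```

Feed it the UDP payload of a port 500 packet taken from a full-length capture; a payload cut short by the capture fails the length check instead of being decoded.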
