Date: Tue, 11 Dec 2001 01:37:24 +0900 From: Shoichi Sakane <sakane@kame.net> To: freebsd-security-local@insignia.com Cc: freebsd-security@freebsd.org Subject: Re: Racoon <> VPN Gateway Message-ID: <20011211013724G.sakane@kame.net> In-Reply-To: Your message of "Fri, 07 Dec 2001 09:57:06 %2B0000" <c7411ug95bmgi7f2vqok8aja61k3h0j08f@4ax.com> References: <c7411ug95bmgi7f2vqok8aja61k3h0j08f@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've now got further trying to get racoon talking to a Redcreek > Ravlin10 VPN gateway, once I realised the gif device is needed > for tunnel mode. It actually replies to me, though the reply > isn't what racoon seems to expect. basically you don't need the gif device configuration when you want to use IPsec tunnel mode. > I'm trying to establish an ESP tunnel mode connection between > 213.208.123.252 (racoon) and 195.74.141.60 (Ravlin). > Racoon says: > >2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received or the spi expired. did you see other error message before this message ? i think this session failed due to some reasons, so racoon could not process this session any more. > whereas the Ravlin says: > >Dec 6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT) Received ISAKMP initialization request. Peer: (213.208.123.252) > >Dec 6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT) Invalid payload. Possible overrun attack! () i'm not sure the meaning of above two messages. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011211013724G.sakane>