From: Andreas Pinkert
Date: Wed, 5 Jun 2002 18:53:05 +0200
To: freebsd-security@FreeBSD.ORG
Subject: IPSec: FreeBSD / Win2k
Message-ID: <1816023992.20020605185305@gmx.net>

Hello everyone,

I have a FreeBSD system in a VMWare under Windows 2000. Now I try to
connect these systems with IPSec. I do this obviously not for security
reasons, but to check if and how I can get the two systems to
interoperate.

I have a working connection. Cool heh? ;-)

But there is a serious problem: When I start negotiations on the
FreeBSD system, an SA will be established, but after about 15 seconds
racoon crashes with a segmentation fault. So packets will be encrypted
and decrypted correctly, only the racoon daemon is down (and will not
handle timeouts, etc.).

This does not happen when I start the negotiations on the Windows
system.

I updated to racoon-20020507a but the crashing continues.

Any hints?

regards,
Andreas Pinkert.

My racoon.conf:

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

log debug2;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

timer
{
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.

        phase1 30 sec;
        phase2 15 sec;
}

remote 141.24.45.170            # win2k
{
        situation identity_only;
        identifier address;
        exchange_mode main, aggressive;

        lifetime time 5 min;
        passive off;
        nonce_size 16;
        proposal_check obey;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 8 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}