From owner-freebsd-questions Wed Jan 22 16: 1: 3 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8063E37B401 for ; Wed, 22 Jan 2003 16:01:01 -0800 (PST) Received: from mercury.gennex.com.au (CPE-144-132-31-160.vic.bigpond.net.au [144.132.31.160]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A36743ED8 for ; Wed, 22 Jan 2003 16:00:54 -0800 (PST) (envelope-from scott.penno@gennex.com.au) Received: from jupiter (jupiter.gennex.com.au [192.168.40.1]) by mercury.gennex.com.au (8.12.3/8.12.3) with SMTP id h0N00jrk019729 for ; Thu, 23 Jan 2003 11:00:46 +1100 (EST) (envelope-from scott.penno@gennex.com.au) Message-ID: <003c01c2b2bb$26770d00$0128a8c0@jupiter> From: "Scott Penno" To: References: <001f01c2b2bb$0bf04780$0128a8c0@jupiter> Subject: Problems with IPSec Date: Fri, 3 Jan 2003 11:00:39 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi all, Wasn't sure where I should ask for help with this problem, so I'm starting here. If there's a more appropriate place, please let me know. I have a FreeBSD box running -STABLE which has had IPSec working with other hosts for quite some time without a problem. I've just setup another FreeBSD box running 5.0-RC1 and am trying to establish a VPN tunnel but am not getting too far. I'm using racoon and when attempting the negotiation with debugging enabled, the following message appears: 2003-01-20 12:00:23: ERROR: pfkey.c:207:pfkey_handler(): pfkey ADD failed: Invalid argument and the following message is logged via syslog: Jan 20 12:00:23 atlas kernel: key_mature: invalid AH key length 160 (128-128 allowed) The relevant section of racoon.conf which is identical on both boxes is: sainfo anonymous { pfs_group 1; lifetime time 86400 sec; encryption_algorithm 3des ; authentication_algorithm hmac_sha1 ; compression_algorithm deflate ; } The box running -STABLE has been working fine with this configuration so I'm assuming the problem is with the box running 5.0-RC1. Interestingly, I've also tried using des as the encryption algorithm and hmac_md5 as the authentication algorithm and I receive the following error message: racoon: failed to parse configuration file. If anyone has any suggestions for a fix, or how I go about further diagnosing this problem, I'd love to hear from you. Regards, Scott. PS: Please CC replies as I'm not subscribed to the list. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message