Date: Fri, 6 Oct 2000 10:34:06 +0400
From: "Igor" <igorp@mail.rbc.ru>
To: <freebsd-questions@FreeBSD.ORG>
Subject: racoon problem
Message-ID: <010901c02f5f$70eea320$1aa7dac3@rbc.ru>

I configure ipsec and racoon

#ipsec.conf
spdadd 1.1.1.1 2.2.2.2 any -P out ipsec
    esp/transport/1.1.1.1-2.2.2.2/require ;
spdadd 2.2.2.2 1.1.1.1 any -P in ipsec
    esp/transport/2.2.2.2-1.1.1.1/require ;

setkey -f ipsec.conf

#racoon.conf
path pre_shared_key "psk" ;
log debug4;
remote anonymous
{
    exchange_mode aggressive,main,base;
    identifier address;
    proposal_check obey;
    lifetime time 24 hour ;   # sec,min,hour
    lifetime byte 100 MB ;    # B,KB,GB
    # phase 1 proposal (for ISAKMP SA)
    proposal {
        encryption_algorithm des ;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2;
    }
}
# phase 2 proposal (for IPsec SA)
sainfo anonymous
{
    pfs_group 2;
    lifetime time 12 hour ;
    lifetime byte 50 MB ;
    encryption_algorithm des ;
    authentication_algorithm hmac_md5, hmac_sha1 ;
    compression_algorithm deflate ;
}

racoon -f racoon.conf

#psk
1.1.1.1 12345678
2.2.2.2 12345678

on phase 2
00-10-04 16:22:05: pfkey.c:193:pfkey_handler(): get pfkey ADD message
2000-10-04 16:22:05: pfkey.c:209:pfkey_handler(): pfkey ADD failed Invalid argument

I think the password for crypt packets at this time must be established.
What is wrong?