Re: ipsec and freebsd 5.3-beta

From: cell <bettan_at_nerim.net>
Date: Mon, 27 Sep 2004 08:22:40 +0200
I have always the same problem.I'm on freebsd 5.3-beta 5 and i have put the
patch for key.c who is in cvweb but  i have that :

# /usr/local/sbin/racoon -F -v
Foreground mode.
2004-09-27 08:20:14: INFO: main.c:172:main(): _at_(#)package version
freebsd-20040818a
2004-09-27 08:20:14: INFO: main.c:174:main(): _at_(#)internal version 20001216
sakane_at_kame.net
2004-09-27 08:20:14: INFO: main.c:175:main(): _at_(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
2004-09-27 08:20:15: WARNING: cftoken.l:514:yywarn():
/usr/local/etc/racoon/racoon.conf:66: "support_mip6" it is obsoleted.  use
"support_proxy".
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
fe80::2bd:3eff:fe04:1%tap1[500] used as isakmp port (fd=5)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
fe80::2bd:39ff:fe04:0%tap0[500] used as isakmp port (fd=6)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): 62.212.121.38[500]
used as isakmp port (fd=7)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
fe80::20a:5eff:fe3e:ebf7%tun0[500] used as isakmp port (fd=8)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): fe80::1%lo0[500]
used as isakmp port (fd=9)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): ::1[500] used as
isakmp port (fd=10)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used
as isakmp port (fd=11)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
fe80::205:5dff:fea2:98ef%vr1[500] used as isakmp port (fd=12)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500] used
as isakmp port (fd=13)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
fe80::205:5dff:fe64:5a87%vr0[500] used as isakmp port (fd=14)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): 192.168.3.1[500]
used as isakmp port (fd=15)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
2001:7a8:3d26::1[500] used as isakmp port (fd=16)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open():
fe80::20a:5eff:fe3e:ebf7%xl0[500] used as isakmp port (fd=17)
2004-09-27 08:20:15: INFO: isakmp.c:1368:isakmp_open(): 192.168.1.1[500]
used as isakmp port (fd=18)
2004-09-27 08:20:19: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new
phase 1 negotiation: 192.168.3.1[500]<=>192.168.3.3[500]
2004-09-27 08:20:19: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Identity
Protection mode.
2004-09-27 08:20:19: INFO: vendorid.c:128:check_vendorid(): received Vendor
ID: MS NT5 ISAKMPOAKLEY
2004-09-27 08:20:19: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1(): ID type
mismatched.
2004-09-27 08:20:19: WARNING: ipsec_doi.c:3112:ipsecdoi_checkid1(): ID value
mismatched.
2004-09-27 08:20:19: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA
established 192.168.3.1[500]-192.168.3.3[500]
spi:89a9546f383b9559:4baf291311fbf720
2004-09-27 08:20:19: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new
phase 2 negotiation: 192.168.3.1[0]<=>192.168.3.3[0]
2004-09-27 08:20:19: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed
send update (No buffer space available)
2004-09-27 08:20:19: ERROR: isakmp_quick.c:1615:quick_r3prep(): pfkey update
failed.
2004-09-27 08:20:19: ERROR: isakmp.c:750:quick_main(): failed to process
packet.
2004-09-27 08:20:19: ERROR: isakmp.c:541:isakmp_main(): phase2 negotiation
failed.
2004-09-27 08:21:20: INFO: isakmp.c:1526:isakmp_ph1expire(): ISAKMP-SA
expired 192.168.3.1[500]-192.168.3.3[500]
spi:89a9546f383b9559:4baf291311fbf720
2004-09-27 08:21:21: INFO: isakmp.c:1574:isakmp_ph1delete(): ISAKMP-SA
deleted 192.168.3.1[500]-192.168.3.3[500]
spi:89a9546f383b9559:4baf291311fbf720

----- Original Message ----- 
From: "cell" <bettan_at_nerim.net>
To: "Arne Schwabe" <arne_at_rfc2549.org>
Cc: <freebsd-current_at_freebsd.org>
Sent: Saturday, September 25, 2004 3:44 PM
Subject: Re: ipsec and freebsd 5.3-beta


> I write MSIZE=512 in my config kernel ?
> ----- Original Message ----- 
> From: "Arne Schwabe" <arne_at_rfc2549.org>
> To: "cell" <bettan_at_nerim.net>
> Cc: <freebsd-current_at_freebsd.org>
> Sent: Saturday, September 25, 2004 3:20 PM
> Subject: Re: ipsec and freebsd 5.3-beta
>
>
> > "cell" <bettan_at_nerim.net> writes:
> >
> > > hello , i tried to configure ipsec in my freebsd with racoon for a
wifi
> connection with a laptop on windows xp home but i have problem.I have used
> this tutorial http://ezine.daemonnews.org/200401/wifi-ipsec.html and when
i
> run racoon with "racoon -F -v" j'ai :
> > >
> > > # racoon -F -v
> > > Foreground mode.
> > > 2004-09-25 12:19:27: INFO: main.c:172:main(): _at_(#)package version
> freebsd-20040818a
> > > 2004-09-25 12:19:27: INFO: main.c:174:main(): _at_(#)internal version
> 20001216 sakane_at_kame.net
> > > 2004-09-25 12:19:27: INFO: main.c:175:main(): _at_(#)This product linked
> OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> > > 2004-09-25 12:19:27: WARNING: cftoken.l:514:yywarn():
> /usr/local/etc/racoon/racoon.conf:66: "support_mip6" it is obsoleted.  use
> "support_proxy".
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> fe80::2bd:fbff:fe03:1%tap1[500] used as isakmp port (fd=5)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> fe80::2bd:f7ff:fe03:0%tap0[500] used as isakmp port (fd=6)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> 62.212.121.38[500] used as isakmp port (fd=7)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> fe80::20a:5eff:fe3e:ebf7%tun0[500] used as isakmp port (fd=8)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
fe80::1%lo0[500]
> used as isakmp port (fd=9)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): ::1[500] used
as
> isakmp port (fd=10)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500]
> used as isakmp port (fd=11)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> fe80::205:5dff:fea2:98ef%vr1[500] used as isakmp port (fd=12)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500]
> used as isakmp port (fd=13)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> fe80::205:5dff:fe64:5a87%vr0[500] used as isakmp port (fd=14)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
192.168.3.1[500]
> used as isakmp port (fd=15)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> 2001:7a8:3d26::1[500] used as isakmp port (fd=16)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
> fe80::20a:5eff:fe3e:ebf7%xl0[500] used as isakmp port (fd=17)
> > > 2004-09-25 12:19:27: INFO: isakmp.c:1368:isakmp_open():
192.168.1.1[500]
> used as isakmp port (fd=18)
> > > 2004-09-25 12:20:07: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
new
> phase 1 negotiation: 192.168.3.1[500]<=>192.168.3.3[500]
> > > 2004-09-25 12:20:07: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
> Identity Protection mode.
> > > 2004-09-25 12:20:07: INFO: vendorid.c:128:check_vendorid(): received
> Vendor ID: MS NT5 ISAKMPOAKLEY
> > > 2004-09-25 12:20:07: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1(): ID
> type mismatched.
> > > 2004-09-25 12:20:07: WARNING: ipsec_doi.c:3112:ipsecdoi_checkid1(): ID
> value mismatched.
> > > 2004-09-25 12:20:07: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA
> established 192.168.3.1[500]-192.168.3.3[500]
> spi:0ae2df7beb89619e:2202b5a1db9ba88a
> > > 2004-09-25 12:20:07: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
> new phase 2 negotiation: 192.168.3.1[0]<=>192.168.3.3[0]
> > > 2004-09-25 12:20:07: ERROR: pfkey.c:1076:pk_sendupdate(): libipsec
> failed send update (No buffer space available)
> > > 2004-09-25 12:20:07: ERROR: isakmp_quick.c:1615:quick_r3prep(): pfkey
> update failed.
> > > 2004-09-25 12:20:07: ERROR: isakmp.c:750:quick_main(): failed to
process
> packet.
> > > 2004-09-25 12:20:07: ERROR: isakmp.c:541:isakmp_main(): phase2
> negotiation failed.
> >
> > Look into the "Ipsec broken in 5.3" or something like this a few
> > hours ago.
> >
> > A temporary workaround is to set MSIZE=512 in your kernel config.
> >
> > Arne
>
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
Received on Mon Sep 27 2004 - 04:22:44 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:14 UTC