From: swun2010 on
Hi,

I am not sure what's wrong with my racoon ipsec setup. I can't get the
ipsec SA entries to populate properly at my home router.

The problem is that my home router (named belmore 12x.xx.xx.xx) has only
one SAD entry, while the remote VPN router has both SAD entries. I
have set up the manual keys at both ends before, and it works great.
After changing to racoon with a pre-shared key, the home end router has
only one SA entry.


Here is the error msg in the racoon log at Belmore router:
2007-09-02 09:51:02: ERROR: pfkey UPDATE failed: No such file or directory
2007-09-02 09:51:02: INFO: IPsec-SA established: ESP 12x.xx.xx.xx[0]->19x.xx.xx.xx[0] spi=188927177(0xb42ccc9)
2007-09-02 09:51:17: ERROR: 19x.xx.xx.xx give up to get IPsec-SA due to time up to wait.


belmore# setkey -D
12x.xx.xx.xx 19x.xx.xx.xx
esp mode=any spi=188927177(0x0b42ccc9) reqid=0(0x00000000)
E: 3des-cbc 5780cb44 4a0db68e dd5a1693 6ab11209 73232f41 51309540
A: hmac-md5 c0c79a4a 70846358 67849856 717fa620
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Sep 2 09:51:02 2007 current: Sep 2 09:51:42 2007
diff: 40(s) hard: 28800(s) soft: 23040(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=1571 refcnt=1


core:~ # setkey -D
19x.xx.xx.xx 12x.xx.xx.xx
esp mode=tunnel spi=195433077(0x0ba61275) reqid=0(0x00000000)
E: 3des-cbc 3c761adc 83d4a518 e74702d6 b325830b ec5ce317 c7fd2367
A: hmac-md5 a07d8b9b 134b73d6 d95b79c2 8b587bd1
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Sep 2 09:51:00 2007 current: Sep 2 09:51:52 2007
diff: 52(s) hard: 28800(s) soft: 23040(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=12300 refcnt=1
12x.xx.xx.xx 19x.xx.xx.xx
esp mode=tunnel spi=188927177(0x0b42ccc9) reqid=0(0x00000000)
E: 3des-cbc 5780cb44 4a0db68e dd5a1693 6ab11209 73232f41 51309540
A: hmac-md5 c0c79a4a 70846358 67849856 717fa620
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Sep 2 09:51:00 2007 current: Sep 2 09:51:52 2007
diff: 52(s) hard: 28800(s) soft: 23040(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=12300 refcnt=1


What in my configuration files could be wrong?


Thanks
P
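
Added example, not part of the original post: a small Python check that parses two `setkey -D` dumps like the ones above and lists SAs that exist on only one peer or are recorded with a different mode. The sample text is constructed from the post's output with the key lines left out, and the function names are hypothetical.

```python
import re

# SA line of `setkey -D`, e.g. "esp mode=tunnel spi=195433077(0x0ba61275) ..."
SA_RE = re.compile(r"^(esp|ah)\s+mode=(\S+)\s+spi=\d+\((0x[0-9a-fA-F]+)\)")
PAIR_RE = re.compile(r"^(\S+)\s+(\S+)$")  # "src dst" header line of an entry

def parse_sad(dump):
    """Return {(src, dst, spi): mode} parsed from `setkey -D` text."""
    sad, pair = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        m = SA_RE.match(line)
        if m and pair:
            sad[(pair[0], pair[1], int(m.group(3), 16))] = m.group(2)
            pair = None
        elif PAIR_RE.match(line):
            pair = tuple(line.split())
    return sad

def compare_sad(local, remote):
    """List SAs missing on one side or whose mode differs between peers."""
    findings = []
    for key in sorted(set(local) | set(remote)):
        tag = f"{key[0]}->{key[1]} spi=0x{key[2]:08x}"
        if key not in local:
            findings.append(f"missing locally: {tag}")
        elif key not in remote:
            findings.append(f"missing on peer: {tag}")
        elif local[key] != remote[key]:
            findings.append(f"mode differs: {tag} local={local[key]} peer={remote[key]}")
    return findings

# Constructed sample: the post's dumps with key and lifetime lines omitted.
BELMORE = """12x.xx.xx.xx 19x.xx.xx.xx
esp mode=any spi=188927177(0x0b42ccc9) reqid=0(0x00000000)
seq=0x00000000 replay=4 flags=0x00000000 state=mature
"""
CORE = """19x.xx.xx.xx 12x.xx.xx.xx
esp mode=tunnel spi=195433077(0x0ba61275) reqid=0(0x00000000)
seq=0x00000000 replay=4 flags=0x00000000 state=mature
12x.xx.xx.xx 19x.xx.xx.xx
esp mode=tunnel spi=188927177(0x0b42ccc9) reqid=0(0x00000000)
seq=0x00000000 replay=4 flags=0x00000000 state=mature
"""

if __name__ == "__main__":
    for finding in compare_sad(parse_sad(BELMORE), parse_sad(CORE)):
        print(finding)
```

On the post's data it reports the 19x->12x SA (spi 0x0ba61275) as absent on belmore, and the shared SA as mode=any locally versus mode=tunnel on the peer.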