30th December 2008
kasse

Thanks!
I commented out those lines specifying the phase 1, 2 crypto settings and set the FreeBSD to enc to aes. Now instead I get errors that there are no configurations.
Now I have SPD on FreeBSD
Code:
192.168.0.103[any] 192.168.0.100[any] any
	in ipsec
	esp/transport//use
	spid=3 seq=1 pid=2467
	refcnt=1
192.168.0.100[any] 192.168.0.103[any] any
	out ipsec
	esp/transport//use
	spid=2 seq=0 pid=2467
	refcnt=1

but no SA connections:
On FreeBSD
Code:
Foreground mode.
2008-12-30 12:07:41: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)
2008-12-30 12:07:41: INFO: @(#)This product linked OpenSSL 0.9.8i 15 Sep 2008 (http://www.openssl.org/)
2008-12-30 12:07:41: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2008-12-30 12:07:41: INFO: Resize address pool from 0 to 255
2008-12-30 12:07:41: INFO: 192.168.0.100[500] used as isakmp port (fd=6)
2008-12-30 12:09:10: ERROR: couldn't find configuration.
2008-12-30 12:09:17: ERROR: couldn't find configuration.
2008-12-30 12:09:26: ERROR: couldn't find configuration.
2008-12-30 12:09:37: ERROR: couldn't find configuration.
2008-12-30 12:09:37: ERROR: no configuration found for 192.168.0.103.
2008-12-30 12:09:37: ERROR: failed to begin ipsec sa negotication.
and on OpenBSD
Code:
120610.144329 Default transport_send_messages: giving up on exchange peer-192.168.0.100, no response from peer 192.168.0.100:500
Here is tcpdump port 500 for FreeBSD
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
12:47:10.453595 IP 192.168.0.103.isakmp > Dell.isakmp: isakmp: phase 1 I ident
12:47:17.468224 IP 192.168.0.103.isakmp > Dell.isakmp: isakmp: phase 1 I ident
12:47:26.478179 IP 192.168.0.103.isakmp > Dell.isakmp: isakmp: phase 1 I ident
12:47:37.488083 IP 192.168.0.103.isakmp > Dell.isakmp: isakmp: phase 1 I ident
12:49:10.471921 IP 192.168.0.103.isakmp > Dell.isakmp: isakmp: phase 1 I ident
and for OpenBSD
Code:
tcpdump: listening on acx0, link-type EN10MB
12:47:43.468574 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:47:50.483722 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:47:59.493502 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:48:10.503219 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184

Last edited by kasse; 30th December 2008 at 11:48 AM. Reason: adding some tcpdump info
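Added example, not part of the original post: a small parser for the OpenBSD-style tcpdump output shown above that groups ISAKMP packets by initiator cookie and reports phase 1 exchanges that were retransmitted while the responder cookie stayed all zeros, meaning the peer never answered. The function name, the `min_sends` threshold and the second (answered) exchange in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first exchange copies the capture in the post; the
# second (cookie 1111...) is invented to show what an answered exchange looks like.
SAMPLE = """\
12:47:43.468574 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:47:50.483722 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:47:59.493502 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:48:10.503219 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: d3aee8f49e31661e->0000000000000000 msgid: 00000000 len: 184
12:50:00.000001 192.168.0.103.isakmp > 192.168.0.100.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: 1111111111111111->0000000000000000 msgid: 00000000 len: 184
12:50:00.100002 192.168.0.100.isakmp > 192.168.0.103.isakmp: isakmp v1.0 exchange ID_PROT
        cookie: 1111111111111111->2222222222222222 msgid: 00000000 len: 140
"""

HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+)\.isakmp > (\S+)\.isakmp: isakmp")
COOKIE = re.compile(r"cookie: ([0-9a-f]{16})->([0-9a-f]{16})")
ZERO = "0" * 16  # responder cookie is zero until the responder replies

def unanswered_exchanges(capture, min_sends=2):
    """Return exchanges sent >= min_sends times that never got a responder cookie."""
    sends = defaultdict(list)  # (src, dst, initiator cookie) -> send timestamps
    answered = set()           # initiator cookies seen with a non-zero responder cookie
    header = None
    for line in capture.splitlines():
        m = HEADER.match(line)
        if m:
            header = m.groups()  # remember the packet line; the cookie is on the next line
            continue
        c = COOKIE.search(line)
        if not (c and header):
            continue
        (ts, src, dst), (icookie, rcookie) = header, c.groups()
        header = None
        if rcookie == ZERO:
            sends[(src, dst, icookie)].append(ts)
        else:
            answered.add(icookie)
    return [{"initiator": s, "responder": d, "cookie": ic,
             "sends": len(ts), "first": ts[0], "last": ts[-1]}
            for (s, d, ic), ts in sends.items()
            if ic not in answered and len(ts) >= min_sends]

if __name__ == "__main__":
    for stalled in unanswered_exchanges(SAMPLE):
        print(stalled)
```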