Package: racoon
Version: 0.6.2-2
When upgrading to 0.6.2-2 from testing/unstable, the VPN stopped
working. I have one tunnel mode that tunnels internal networks of
gateways and one transport mode between the gateways (so they can
exchange mail using an encrypted connection).
In 0.5.2-1 from stable, everything works. In 0.6.2-2 (and my package of
upstream 0.6.3 I tried in case it solved the bug, which it didn't), it
stops working.
my ipsec-tools.conf:
-----
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
        esp/tunnel/172.16.0.1-172.19.0.1/unique;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
        esp/tunnel/172.19.0.1-172.16.0.1/unique;
spdadd 172.19.0.1/32 172.16.0.1/32 any -P out ipsec
        esp/transport//unique;
spdadd 172.16.0.1/32 172.19.0.1/32 any -P in ipsec
        esp/transport//unique;
-----
my racoon.conf:
-----
path certificate "/etc/racoon/certs";
log debug;
remote 172.16.0.1 {
        exchange_mode main;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
        generate_policy off;
}
sainfo address 192.168.2.0/24[any] any address 192.168.1.0/24[any] any {
        pfs_group modp1024;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
sainfo address 172.19.0.1/32[any] any address 172.16.0.1/32[any] any {
        lifetime time 1 hour ;
        encryption_algorithm aes, 3des ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate;
}
-----
(the other side is exactly symmetrical).
the log output with 0.6.3 (pretty much the same as 0.6.2, ending with
the same error message).
Nov 25 01:41:18 adsl racoon: INFO: @(#)ipsec-tools 0.6.3
(http://ipsec-tools.sourceforge.net)
Nov 25 01:41:18 adsl racoon: INFO: @(#)This product linked OpenSSL
0.9.7e 25 Oct 2004 (http://www.openssl.org/)
Nov 25 01:41:18 adsl racoon: DEBUG: compression algorithm can not be
checked because sadb message doesn't support it.
Nov 25 01:41:18 adsl racoon: DEBUG: compression algorithm can not be
checked because sadb message doesn't support it.
Nov 25 01:41:18 adsl racoon: DEBUG: open /var/run/racoon/racoon.sock as
racoon management.
Nov 25 01:41:18 adsl racoon: DEBUG: my interface:
fe80::213:d3ff:fe60:8b8%eth1 (eth1)
Nov 25 01:41:18 adsl racoon: DEBUG: my interface:
fe80::2e0:4cff:fe00:1405%eth0 (eth0)
Nov 25 01:41:18 adsl racoon: DEBUG: my interface: ::1 (lo)
Nov 25 01:41:18 adsl racoon: DEBUG: my interface: 172.19.0.1 (ppp0)
Nov 25 01:41:18 adsl racoon: DEBUG: my interface: 192.168.2.1 (eth0)
Nov 25 01:41:18 adsl racoon: DEBUG: my interface: 127.0.0.1 (lo)
Nov 25 01:41:18 adsl racoon: DEBUG: configuring default isakmp port.
Nov 25 01:41:18 adsl racoon: DEBUG: 6 addrs are configured successfully
Nov 25 01:41:18 adsl racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
Nov 25 01:41:18 adsl racoon: INFO: 127.0.0.1[500] used for NAT-T
Nov 25 01:41:18 adsl racoon: INFO: 192.168.2.1[500] used as isakmp port
(fd=8)
Nov 25 01:41:18 adsl racoon: INFO: 192.168.2.1[500] used for NAT-T
Nov 25 01:41:18 adsl racoon: INFO: 172.19.0.1[500] used as isakmp port
(fd=9)
Nov 25 01:41:18 adsl racoon: INFO: 172.19.0.1[500] used for NAT-T
Nov 25 01:41:18 adsl racoon: INFO: ::1[500] used as isakmp port (fd=10)
Nov 25 01:41:18 adsl racoon: INFO: fe80::2e0:4cff:fe00:1405%eth0[500]
used as isakmp port (fd=11)
Nov 25 01:41:18 adsl racoon: INFO: fe80::213:d3ff:fe60:8b8%eth1[500]
used as isakmp port (fd=12)
Nov 25 01:41:18 adsl racoon: DEBUG: get pfkey X_SPDDUMP message
Nov 25 01:41:18 adsl racoon: DEBUG: get pfkey X_SPDDUMP message
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80bdd88: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: get pfkey X_SPDDUMP message
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 192.168.2.0/24[0]
192.168.1.0/24[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 192.168.2.0/24[0]
192.168.1.0/24[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be110: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: get pfkey X_SPDDUMP message
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.19.0.1/32[0]
172.16.0.1/32[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80bdd88: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.19.0.1/32[0]
172.16.0.1/32[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be110: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.19.0.1/32[0]
172.16.0.1/32[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be350: 192.168.2.0/24[0]
192.168.1.0/24[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: get pfkey X_SPDDUMP message
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80bdd88: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be110: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be350: 192.168.2.0/24[0]
192.168.1.0/24[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be590: 172.19.0.1/32[0]
172.16.0.1/32[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: get pfkey X_SPDDUMP message
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80bdd88: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be110: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be350: 192.168.2.0/24[0]
192.168.1.0/24[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be590: 172.19.0.1/32[0]
172.16.0.1/32[0] proto=any dir=out
Nov 25 01:41:18 adsl racoon: DEBUG: sub:0xbf977de0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=fwd
Nov 25 01:41:18 adsl racoon: DEBUG: db :0x80be7d0: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=fwd
Nov 25 01:41:23 adsl racoon: DEBUG: get pfkey ACQUIRE message
Nov 25 01:41:23 adsl racoon: DEBUG: suitable outbound SP found:
172.19.0.1/32[0] 172.16.0.1/32[0] proto=any dir=out.
Nov 25 01:41:23 adsl racoon: DEBUG: sub:0xbf977dc0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:23 adsl racoon: DEBUG: db :0x80bdd88: 192.168.1.0/24[0]
192.168.2.0/24[0] proto=any dir=in
Nov 25 01:41:23 adsl racoon: DEBUG: sub:0xbf977dc0: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:23 adsl racoon: DEBUG: db :0x80be110: 172.16.0.1/32[0]
172.19.0.1/32[0] proto=any dir=in
Nov 25 01:41:23 adsl racoon: DEBUG: suitable inbound SP found:
172.16.0.1/32[0] 172.19.0.1/32[0] proto=any dir=in.
Nov 25 01:41:23 adsl racoon: DEBUG: new acquire 172.19.0.1/32[0]
172.16.0.1/32[0] proto=any dir=out
Nov 25 01:41:23 adsl racoon: ERROR: failed to get sainfo.
Nov 25 01:53:11 adsl racoon: DEBUG: get pfkey ACQUIRE message