This topic has 4 replies, 3 voices, and was last updated 21 years, 8 months ago by Al Mills.
July 29, 2003 at 1:05 am #356189
Anonymous
Participant
Hi Everyone,
I’ve got what I think are two issues going on at the same time. I’m a former PC IT guy so I’m a bit of a newbie at the Unix/Mac stuff. Be gentle.
Problem 1.
I’m not sure what the Local Network Mask value should be set to. If I set it up as 255.255.255.0/24 or (1/24), I get the ‘Cannot Parse configuration file error’. It seems that it doesn’t choke if I just enter 24 or 32 or similar values. What is it I don’t understand?
Problem 2.
The Log from the router seems to indicate that Phase 1 is negotiating OK, but seems to get caught up at Phase 2. Here’s a snippet from the log:
2003-07-28 16:46:35 IKE[71] Rx << MM_I1 : 65.93.91.53 SA
2003-07-28 16:46:35 IKE[71] Tx >> MM_R1 : 65.93.91.53 SA
2003-07-28 16:46:35 IKE[71] ISAKMP SA CKI=[9dbc600 cd38d924] CKR=[8f63137 4dcb5b9d]
2003-07-28 16:46:35 IKE[71] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 14400 sec (*0 sec)
2003-07-28 16:46:36 IKE[71] Rx << MM_I2 : 65.93.91.53 KE, NONCE, VID
2003-07-28 16:46:36 IKE[71] Tx >> MM_R2 : 65.93.91.53 KE, NONCE
2003-07-28 16:46:36 This connection request matches tunnel 3 setting !
2003-07-28 16:46:36 IKE[3] Rx << MM_I3 : 65.93.91.53 ID, HASH
2003-07-28 16:46:36 IKE[3] Tx >> MM_R3 : 65.93.91.53 ID, HASH
2003-07-28 16:46:36 IKE[3] Rx << Notify :
It simply times out after this last line.
Any help would be greatly appreciated.
Al
July 29, 2003 at 7:46 pm #356197
Anonymous
Participant
Thanks for the quick reply!
I think I’ve made some progress. I’m not sure this is what you meant by Debug mode but I produced this log. I’m not sure specifically what the error means, but if you had any ideas that would be great.
2003-07-29 15:37:46: DEBUG2: cftoken.l:187:yylex(): <23>
2003-07-29 15:37:46: DEBUG2: cftoken.l:308:yylex(): <23>
n not be checked because sadb message doesn’t support it.ompression algorithm ca/etc/racoon/logit.txt (93%)
2003-07-29 15:37:46: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2003-07-29 15:37:46: DEBUG2: cfparse.y:1354:cfparse(): parse successed.
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: ::1 (lo0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::1 (lo0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 127.0.0.1 (lo0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 10.10.10.105 (gif0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::20a:95ff:fe9c:fc (gif0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::20a:95ff:fe9c:fc (en0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 192.168.2.100 (en0)
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:472:autoconf_myaddrsport(): configuring default isakmp port.
2003-07-29 15:37:46: DEBUG: grabmyaddr.c:494:autoconf_myaddrsport(): 7 addrs are configured successfully
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1349:isakmp_open(): failed to bind (Address already in use).
2003-07-29 15:37:46: ERROR: isakmp.c:1372:isakmp_open(): no address could be bound.
Thanks,
Al
July 31, 2003 at 2:32 am #356208
Al Mills
Participant
Hi Joel,
As far as the firmware goes, our IT guy assures me we have the latest and he’s a pretty savvy guy so I think we’re there.
I produced a different log, but to my untrained eye, I don’t see anything that I think is relevant. I hope it’s OK to post an abbreviated version here. I only took out lines that didn’t post errors or info etc.
2003-07-30 22:16:55: INFO: main.c:169:main(): @(#)racoon 20001216 20001216 sakan
[email protected]
2003-07-30 22:16:56: INFO: main.c:170:main(): @(#)This product linked OpenSSL 0.9.6i Feb 19 2003 (http://www.openssl.org/)
2003-07-30 22:16:56: DEBUG: pfkey.c:368:pfkey_init(): call pfkey_send_register for AH
2003-07-30 22:16:56: DEBUG: pfkey.c:368:pfkey_init(): call pfkey_send_register for ESP
2003-07-30 22:16:56: DEBUG: pfkey.c:368:pfkey_init(): call pfkey_send_register for IPCOMP
2003-07-30 22:16:56: DEBUG2: cftoken.l:421:yylex(): <3>
2003-07-30 22:16:56: DEBUG2: cftoken.l:111:yylex(): begin <5>path
2003-07-30 22:16:56: DEBUG2: cftoken.l:120:yylex(): begin <3>;
2003-07-30 22:16:56: DEBUG2: cftoken.l:111:yylex(): begin <5>path
2003-07-30 22:16:56: DEBUG2: cftoken.l:120:yylex(): begin <3>;
2003-07-30 22:16:56: DEBUG2: cftoken.l:111:yylex(): begin <5>path
2003-07-30 22:16:56: DEBUG2: cftoken.l:120:yylex(): begin <3>;
2003-07-30 22:16:56: DEBUG2: cftoken.l:143:yylex(): begin <11>padding
2003-07-30 22:16:56: DEBUG2: cftoken.l:153:yylex(): begin <13>listen
2003-07-30 22:16:56: DEBUG2: cftoken.l:161:yylex(): begin <15>timer
2003-07-30 22:16:56: DEBUG2: cftoken.l:191:yylex(): begin <25>remote
2003-07-30 22:16:56: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal
2003-07-30 22:16:56: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime = 60
2003-07-30 22:16:56: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte = 0
2003-07-30 22:16:56: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0
2003-07-30 22:16:56: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 3DES-CBC(5)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): SHA(2)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 1024-bit MODP group(2)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared key(1)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1252:expand_isakmpspec():
2003-07-30 22:16:56: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp1024)
2003-07-30 22:16:56: DEBUG2: cftoken.l:191:yylex(): begin <25>remote
2003-07-30 22:16:56: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal
2003-07-30 22:16:56: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime = 60
2003-07-30 22:16:56: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte = 0
2003-07-30 22:16:56: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0
2003-07-30 22:16:56: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 3DES-CBC(5)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): SHA(2)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 1024-bit MODP group(2)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared key(1)
2003-07-30 22:16:56: DEBUG2: cfparse.y:1252:expand_isakmpspec():
2003-07-30 22:16:56: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp1024)
2003-07-30 22:16:56: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo
2003-07-30 22:16:56: DEBUG: pfkey.c:2240:pk_checkalg(): compression algorithm can not be checked because sadb message doesn’t support it.
2003-07-30 22:16:56: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo
2003-07-30 22:16:56: DEBUG: pfkey.c:2240:pk_checkalg(): compression algorithm can not be checked because sadb message doesn’t support it.
2003-07-30 22:16:56: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2003-07-30 22:16:56: DEBUG2: cfparse.y:1354:cfparse(): parse successed.
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: ::1 (lo0)
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::1 (lo0)
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 127.0.0.1 (lo0)
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::20a:95ff:fe9c:fc (en0)
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 192.168.2.100 (en0)
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:472:autoconf_myaddrsport(): configuring default isakmp port.
2003-07-30 22:16:56: DEBUG: grabmyaddr.c:494:autoconf_myaddrsport(): 5 addrs are configured successfully
2003-07-30 22:16:56: INFO: isakmp.c:1357:isakmp_open(): 192.168.2.100[500] used as isakmp port (fd=5)
2003-07-30 22:16:56: INFO: isakmp.c:1357:isakmp_open(): fe80::20a:95ff:fe9c:fc[500] used as isakmp port (fd=6)
2003-07-30 22:16:56: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)
2003-07-30 22:16:56: INFO: isakmp.c:1357:isakmp_open(): fe80::1[500] used as isakmp port (fd=8)
2003-07-30 22:16:56: INFO: isakmp.c:1357:isakmp_open(): ::1[500] used as isakmp port (fd=9)
2003-07-30 22:16:56: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message
2003-07-30 22:16:56: DEBUG2: plog.c:193:plogdump():
02120200 00020000 00000000 000002a4
2003-07-30 22:16:56: DEBUG: pfkey.c:207:pfkey_handler(): pfkey X_SPDDUMP failed: No such file or directory
2003-07-30 22:17:18: INFO: session.c:281:check_sigreq(): caught signal 15
2003-07-30 22:17:18: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey FLUSH message
2003-07-30 22:17:18: DEBUG2: plog.c:193:plogdump():
02090000 00020000 00000000 000002a5
2003-07-30 22:17:19: DEBUG: pfkey.c:268:pfkey_dump_sadb(): call pfkey_send_dump
2003-07-30 22:17:19: INFO: session.c:180:close_session(): racoon shutdown
I hope this post isn’t too long!
Thanks Joel, I really appreciate your help.
Al