I’ve got a similar problem — however, I decided that the article is in error and set the IPs the way I think they should have been.
I am trying to encrypt traffic between my iBook (.55) and a FreeBSD server (.177) (which uses the same Racoon daemon, so that shouldn’t be a problem). Phase 1 fails, so the whole thing fails.
Here is a portion of my log, including debug output. This is from the iBook, but it is the same on the other end:
Jul 27 22:30:46 Drax racoon: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffffa40: 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any dir=out
Jul 27 22:30:46 Drax racoon: DEBUG: policy.c:185:cmpspidxstrict(): db :0xaa498: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey ACQUIRE message
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1519:pk_recvacquire(): suitable outbound SP found: 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any d$
Jul 27 22:31:45 Drax racoon: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffffa30: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
Jul 27 22:31:45 Drax racoon: DEBUG: policy.c:185:cmpspidxstrict(): db :0xaa498: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1535:pk_recvacquire(): suitable inbound SP found: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any di$
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1574:pk_recvacquire(): new acquire 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any dir=out
Jul 27 22:31:45 Drax racoon: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0$
Jul 27 22:31:45 Drax racoon: DEBUG: proposal.c:859:printsatrns(): (trns_id=3DES encklen=0 authtype=2)
Jul 27 22:31:45 Drax racoon: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 192.168.1.177.
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for 192.168.1.177 queued due to no phase1 found.
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:790:isakmp_ph1begin_i(): ===
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.55[500]<=>192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1993:isakmp_newcookie(): new cookie: 1aa5edf5426dc07c
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 48, next type 0
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:31:45 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:31:55 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:31:55 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:32:05 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:32:05 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:32:15 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:32:15 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:16 Drax racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.$
Jul 27 22:32:16 Drax racoon: INFO: isakmp.c:1778:isakmp_chkph1there(): delete phase 2 handler.
Here is how the setkey looks on the laptop:
192.168.1.177[any] 192.168.1.55[any] any
in ipsec
esp/transport/192.168.1.177-192.168.1.55/require
spid=7 seq=1 pid=556
refcnt=1
192.168.1.55[any] 192.168.1.177[any] any
out ipsec
esp/transport/192.168.1.55-192.168.1.177/require
spid=8 seq=0 pid=556
refcnt=1
It looks opposite to this on the FreeBSD box.
What is the problem (other than Phase 1 failing)?
This was supposed to be a reply to the message on the similar topic. My mistake!
A followup — the link works fine as I can establish a secure IPsec connection using manual keying.
Now — if only I could get racoon working!
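An added example, not part of the original post: a short Python summary of the phase 1 lines in a racoon debug log like the one above. It relies on the `initiator:responder` cookie pair printed by `isakmp_ph1resend()`; a responder cookie that is still all zeros on every resend means the initiator never processed a reply from the peer. The function and field names are assumptions made for this sketch, and the sample input is abridged from the posted log.

```python
import re
from collections import defaultdict

# Abridged from the log in the post above (timestamps and cookie as posted).
SAMPLE_LOG = """\
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.55[500]<=>192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:31:55 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:05 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:15 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:16 Drax racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.$
"""

BEGIN = re.compile(r"initiate new phase 1 negotiation: (\S+)<=>(\S+)")
RESEND = re.compile(r"resend phase1 packet ([0-9a-f]{16}):([0-9a-f]{16})")
TIMEOUT = re.compile(r"time up waiting for phase1")


def summarize_phase1(log_text):
    """Return one summary dict per initiator cookie seen in the log."""
    peers = None
    seen = defaultdict(list)  # initiator cookie -> responder cookies logged
    timed_out = False
    for line in log_text.splitlines():
        begin = BEGIN.search(line)
        resend = RESEND.search(line)
        if begin:
            peers = (begin.group(1), begin.group(2))
        elif resend:
            seen[resend.group(1)].append(resend.group(2))
        elif TIMEOUT.search(line):
            timed_out = True
    report = []
    for icookie, rcookies in seen.items():
        # A non-zero responder cookie only appears once a reply was handled.
        answered = any(set(r) != {"0"} for r in rcookies)
        report.append({
            "peers": peers,
            "initiator_cookie": icookie,
            "resend_lines": len(rcookies),
            "peer_answered": answered,
            "timed_out": timed_out and not answered,
        })
    return report


if __name__ == "__main__":
    for entry in summarize_phase1(SAMPLE_LOG):
        print(entry)
```

For the posted log this reports four resend lines, no answer from the peer, and a timeout, which points the investigation at whether the UDP 500 packets arrive at the other host and are logged by its racoon.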