I have the same problem

    #356178
    Anonymous
    Participant

    I’ve got a similar problem — however, I decided that the article is in error and set the IPs the way I think they should have been.

    I am trying to encrypt traffic between my iBook (.55) and a FreeBSD server (.177) (which uses the same Racoon daemon, so that shouldn’t be a problem). Phase 1 fails, so the whole thing fails.

    Here is a portion of my log, including debug output. This is from the iBook, but it is the same on the other end:

    Jul 27 22:30:46 Drax racoon: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffffa40: 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any dir=out
    Jul 27 22:30:46 Drax racoon: DEBUG: policy.c:185:cmpspidxstrict(): db :0xaa498: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
    Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey ACQUIRE message
    Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1519:pk_recvacquire(): suitable outbound SP found: 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any d$
    Jul 27 22:31:45 Drax racoon: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffffa30: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
    Jul 27 22:31:45 Drax racoon: DEBUG: policy.c:185:cmpspidxstrict(): db :0xaa498: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
    Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1535:pk_recvacquire(): suitable inbound SP found: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any di$
    Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1574:pk_recvacquire(): new acquire 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any dir=out
    Jul 27 22:31:45 Drax racoon: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0$
    Jul 27 22:31:45 Drax racoon: DEBUG: proposal.c:859:printsatrns(): (trns_id=3DES encklen=0 authtype=2)
    Jul 27 22:31:45 Drax racoon: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 192.168.1.177.
    Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for 192.168.1.177 queued due to no phase1 found.
    Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:790:isakmp_ph1begin_i(): ===
    Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.55[500]<=>192.168.1.177[500]
    Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
    Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1993:isakmp_newcookie(): new cookie: 1aa5edf5426dc07c
    Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 48, next type 0
    Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
    Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
    Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
    Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
    Jul 27 22:31:45 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
    Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
    Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
    Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
    Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
    Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
    Jul 27 22:31:55 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
    Jul 27 22:31:55 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
    Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
    Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
    Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
    Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
    Jul 27 22:32:05 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
    Jul 27 22:32:05 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
    Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
    Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
    Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
    Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
    Jul 27 22:32:15 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
    Jul 27 22:32:15 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
    Jul 27 22:32:16 Drax racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.$
    Jul 27 22:32:16 Drax racoon: INFO: isakmp.c:1778:isakmp_chkph1there(): delete phase 2 handler.

    Here is how the setkey looks on the laptop:

    192.168.1.177[any] 192.168.1.55[any] any
    in ipsec
    esp/transport/192.168.1.177-192.168.1.55/require
    spid=7 seq=1 pid=556
    refcnt=1
    192.168.1.55[any] 192.168.1.177[any] any
    out ipsec
    esp/transport/192.168.1.55-192.168.1.177/require
    spid=8 seq=0 pid=556
    refcnt=1

    It looks opposite to this on the FreeBSD box.

    What is the problem (other than Phase 1 failing)?
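
An added example, not part of the original posts: a small triage script for racoon debug logs in the format quoted above, which counts phase 1 retransmits per negotiation and flags the case where the responder cookie (the second half of `resend phase1 packet <initiator>:<responder>`) stays all zeros until the timeout. The sample input is an excerpt of the log lines from the post; treating the most recent negotiation as the one a resend or timeout line belongs to is an assumption of this sketch.

```python
import re

# Excerpt of the racoon log lines quoted in the post above, used as sample input.
SAMPLE_LOG = """\
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.55[500]<=>192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:31:55 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:05 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:15 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:16 Drax racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.$
"""

BEGIN = re.compile(r"initiate new phase 1 negotiation: (\S+)<=>(\S+)")
RESEND = re.compile(r"resend phase1 packet ([0-9a-f]{16}):([0-9a-f]{16})")
TIMEOUT = "time up waiting for phase1"
ZERO_COOKIE = "0" * 16  # responder cookie is zero until a reply from the peer is processed


def summarize_phase1(log_text):
    """Return one dict per phase 1 negotiation found in a racoon debug log."""
    negotiations = []
    for line in log_text.splitlines():
        begin = BEGIN.search(line)
        if begin:
            negotiations.append({"local": begin.group(1), "remote": begin.group(2),
                                 "cookie": None, "resends": 0,
                                 "peer_replied": False, "timed_out": False})
            continue
        if not negotiations:
            continue  # ignore lines before the first negotiation starts
        current = negotiations[-1]  # assumption: negotiations do not interleave
        resend = RESEND.search(line)
        if resend:
            current["cookie"] = resend.group(1)
            current["resends"] += 1
            if resend.group(2) != ZERO_COOKIE:
                current["peer_replied"] = True
        elif TIMEOUT in line:
            current["timed_out"] = True
    return negotiations


def stalled(neg):
    """True when every retransmit carried a zero responder cookie and the wait timed out."""
    return neg["resends"] > 0 and not neg["peer_replied"] and neg["timed_out"]


if __name__ == "__main__":
    for neg in summarize_phase1(SAMPLE_LOG):
        print(neg, "STALLED: no reply processed from peer" if stalled(neg) else "ok")
```

A negotiation flagged as stalled means the initiator kept retransmitting its first message without ever recording a responder cookie, so the next things to look at are the peer's own racoon log and whether UDP port 500 traffic passes in both directions.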

    #356179
    Anonymous
    Participant

    This was supposed to be a reply to the message on the similar topic. My mistake!

    #356180
    Anonymous
    Participant

    A follow-up — the link works fine as I can establish a secure IPsec connection using manual keying.

    Now — if only I could get racoon working!
