AFP548

I have the same problem

I've got a similar problem -- however, I decided that the article is in error and set the IPs the way I think they should have been. I am trying to encrypt traffic between my iBook (.55) and a FreeBSD server (.177) (which uses the same Racoon daemon, so that shouldn't be a problem). Phase 1 fails, so the whole thing fails. Here is a portion of my log, including debug output. This is from the iBook, but it is the same on the other end:

Jul 27 22:30:46 Drax racoon: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffffa40: 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any dir=out
Jul 27 22:30:46 Drax racoon: DEBUG: policy.c:185:cmpspidxstrict(): db :0xaa498: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey ACQUIRE message
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1519:pk_recvacquire(): suitable outbound SP found: 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any d$
Jul 27 22:31:45 Drax racoon: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffffa30: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
Jul 27 22:31:45 Drax racoon: DEBUG: policy.c:185:cmpspidxstrict(): db :0xaa498: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any dir=in
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1535:pk_recvacquire(): suitable inbound SP found: 192.168.1.177/32[0] 192.168.1.55/32[0] proto=any di$
Jul 27 22:31:45 Drax racoon: DEBUG: pfkey.c:1574:pk_recvacquire(): new acquire 192.168.1.55/32[0] 192.168.1.177/32[0] proto=any dir=out
Jul 27 22:31:45 Drax racoon: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0$
Jul 27 22:31:45 Drax racoon: DEBUG: proposal.c:859:printsatrns(): (trns_id=3DES encklen=0 authtype=2)
Jul 27 22:31:45 Drax racoon: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 192.168.1.177.
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for 192.168.1.177 queued due to no phase1 found.
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:790:isakmp_ph1begin_i(): ===
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.55[500]<=>192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1993:isakmp_newcookie(): new cookie: 1aa5edf5426dc07c
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 48, next type 0
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:31:45 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:31:55 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:31:55 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:31:55 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:32:05 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:32:05 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:32:05 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:421:sendfromto(): sockname 192.168.1.55[500]
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:423:sendfromto(): send packet from 192.168.1.55[500]
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:425:sendfromto(): send packet to 192.168.1.177[500]
Jul 27 22:32:15 Drax racoon: DEBUG: sockmisc.c:563:sendfromto(): 1 times of 80 bytes message will be sent to 192.168.1.55[500]
Jul 27 22:32:15 Drax racoon: DEBUG: plog.c:193:plogdump(): 1aa5edf5 426dc07c 00000000 00000000 01100200 00000000 00000050 00000034 00000001 0000$
Jul 27 22:32:15 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:16 Drax racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.$
Jul 27 22:32:16 Drax racoon: INFO: isakmp.c:1778:isakmp_chkph1there(): delete phase 2 handler.

Here is how the setkey looks on the laptop:

192.168.1.177[any] 192.168.1.55[any] any in ipsec esp/transport/192.168.1.177-192.168.1.55/require spid=7 seq=1 pid=556 refcnt=1
192.168.1.55[any] 192.168.1.177[any] any out ipsec esp/transport/192.168.1.55-192.168.1.177/require spid=8 seq=0 pid=556 refcnt=1

It looks opposite to this on the FreeBSD box. What is the problem (other than Phase 1 failing)?
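
As an added example, not part of the original post and not racoon's own code: a small Python triage of a racoon debug log like the one quoted above. It counts phase 1 retransmits per initiator cookie and reports whether a responder cookie ever appeared. The function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of the racoon debug log quoted in the post above.
SAMPLE_LOG = """\
Jul 27 22:31:45 Drax racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.55[500]<=>192.168.1.177[500]
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1993:isakmp_newcookie(): new cookie: 1aa5edf5426dc07c
Jul 27 22:31:45 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:31:55 Drax racoon: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet 1aa5edf5426dc07c:0000000000000000
Jul 27 22:32:16 Drax racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1.
"""

ZERO_COOKIE = "0" * 16
BEGIN = re.compile(r"initiate new phase 1 negotiation: (\S+)<=>(\S+)")
RESEND = re.compile(r"resend phase1 packet ([0-9a-f]{16}):([0-9a-f]{16})")
TIMEOUT = "phase2 negotiation failed due to time up waiting for phase1"


def triage(log_text):
    """Summarise phase 1 progress per initiator cookie (hypothetical helper)."""
    report = {"peers": None, "exchanges": {}, "phase2_timed_out": False}
    for line in log_text.splitlines():
        begin = BEGIN.search(line)
        resend = RESEND.search(line)
        if begin:
            report["peers"] = begin.groups()  # (local[port], remote[port])
        elif resend:
            icookie, rcookie = resend.groups()
            entry = report["exchanges"].setdefault(
                icookie, {"resends": 0, "responder_seen": False})
            entry["resends"] += 1
            # The responder cookie stays all zeros until a reply from the
            # peer has been processed for this exchange.
            if rcookie != ZERO_COOKIE:
                entry["responder_seen"] = True
        elif TIMEOUT in line:
            report["phase2_timed_out"] = True
    return report


def unanswered(report):
    """Initiator cookies that were retransmitted without any reply seen."""
    return [cookie for cookie, e in report["exchanges"].items()
            if e["resends"] > 0 and not e["responder_seen"]]


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["peers"], unanswered(r), r["phase2_timed_out"])
```

A cookie listed by `unanswered()` means the initiator kept resending its first phase 1 packet and never processed a reply from the peer before the phase 2 request timed out.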