Problems with IPSec (flying racoons!)

    #354693
    Anonymous
    Participant

    I read the flying racoons articles with great interest and I’ve been trying to test them out myself. I’ve got a pair of Macs running 10.2.1, and have just tried to set up a simple transport connection between them with this sort of setup:

    spdadd 10.10.50.129/32 10.10.50.186/32 any -P out ipsec esp/transport/10.10.50.129-10.10.50.186/require;
    spdadd 10.10.50.186/32 10.10.50.129/32 any -P in ipsec esp/transport/10.10.50.186-10.10.50.129/require;

    I’ve also got the racoons up and running on both machines.

    When I try to connect from one to the other, after running the setkey commands above, I can’t get any packets to go out on the wire (watching with tcpdump). I can’t even ping the other machine (if I run ‘setkey -FP’ everything goes back to normal and I can ping again). I noticed in ‘netstat -s’ the following that seems to shed some light:

    ipsec:
    0 inbound packets processed successfully
    0 inbound packets violated process security policy
    0 inbound packets with no SA available
    0 invalid inbound packets
    0 inbound packets failed due to insufficient memory
    0 inbound packets failed getting SPI
    0 inbound packets failed on AH replay check
    0 inbound packets failed on ESP replay check
    0 inbound packets considered authentic
    0 inbound packets failed on authentication
    0 outbound packets processed successfully
    0 outbound packets violated process security policy
    576 outbound packets with no SA available
    0 invalid outbound packets
    0 outbound packets failed due to insufficient memory
    0 outbound packets with no route

    Anyone know what that might mean, and what is causing it?

    #354694
    Anonymous
    Participant

    I’ve now figured out (partly) what was causing the problem. Something in Classic had grabbed port 500, stopping the racoon process from working properly. I found out by running racoon in debug mode:

    racoon -f /etc/racoon/racoon.conf -d -d -d -F -v

    Once I shut down Classic I could connect between my two Macs no problem.

    So far I haven’t been able to figure out what it is in Classic that is using port 500 though. 🙁
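The "no SA available" counter from the first post and the port 500 collision found in this one, as an added example that is not the poster's code: a small Python check that parses the ipsec block of `netstat -s`, flags the counter that means a `require` policy is dropping packets for which IKE has not yet negotiated an SA, and tests whether a UDP port (500 for IKE) is free to bind. The sample input is constructed from the output pasted above, trimmed to a few lines.

```python
import re
import socket

# Constructed sample input: the ipsec section of `netstat -s` from the first post, trimmed.
NETSTAT_IPSEC = """\
ipsec:
0 inbound packets processed successfully
0 inbound packets with no SA available
0 outbound packets processed successfully
0 outbound packets violated process security policy
576 outbound packets with no SA available
0 outbound packets with no route
"""

COUNTER_RE = re.compile(r"^\s*(\d+)\s+(inbound|outbound) packets (.+?)\s*$")


def parse_ipsec_counters(text):
    """Map (direction, description) -> count for every counter line in the ipsec block."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[(m.group(2), m.group(3))] = int(m.group(1))
    return counters


def diagnose(counters):
    """Explain non-zero drop counters. With a 'require' SPD policy the kernel drops every
    matching packet until IKE has negotiated an SA, which shows up as 'no SA available'."""
    findings = []
    for (direction, desc), n in counters.items():
        if n == 0:
            continue
        if desc == "with no SA available":
            findings.append(f"{n} {direction} packets dropped: policy matched but no SA exists; "
                            "check that racoon is running and owns UDP/500")
        elif desc == "violated process security policy":
            findings.append(f"{n} {direction} packets rejected: traffic did not match the SPD")
    return findings


def udp_port_free(port, host="127.0.0.1"):
    """True if nothing already holds host:port/UDP (IKE listens on 500; binding ports below
    1024 needs root, so run this check as root when probing 500)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:  # EADDRINUSE, or EACCES for a privileged port without root
            return False


if __name__ == "__main__":
    for finding in diagnose(parse_ipsec_counters(NETSTAT_IPSEC)):
        print(finding)
    print("UDP/500 free:", udp_port_free(500))
```

If `udp_port_free(500)` returns False while racoon is stopped, another process (in the thread above, a Classic extension) holds the IKE port and racoon cannot negotiate SAs.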

    #354744
    Anonymous
    Participant

    Figured out what it was in Classic that was causing the problem – the PGPNet extension! (pretty obvious really but I’d forgotten I had tested it out about a year ago). Thanks for the articles and the help!
