[Openswan Users] openswan+netkey <-> racoon on linux

Peter Rosenthal voiperster at gmail.com
Thu Jul 17 06:59:54 EDT 2008


This looks like it might be useful? From racoon 0.7:

2008-07-17 06:52:07: DEBUG: begin compare proposals.
2008-07-17 06:52:07: DEBUG: pair[0]: 0x594550
2008-07-17 06:52:07: DEBUG:  0x594550: next=(nil) tnext=0x594580
2008-07-17 06:52:07: DEBUG:   0x594580: next=(nil) tnext=0x5945b0
2008-07-17 06:52:07: DEBUG:    0x5945b0: next=(nil) tnext=0x5945e0
2008-07-17 06:52:07: DEBUG:     0x5945e0: next=(nil) tnext=(nil)
2008-07-17 06:52:07: DEBUG: prop#=0 prot-id=ESP spi-size=4 #trns=4 trns#=0
trns-id=AES
2008-07-17 06:52:07: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-07-17 06:52:07: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-07-17 06:52:07: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-07-17 06:52:07: DEBUG: type=SA Life Duration, flag=0x8000, lorv=3600
2008-07-17 06:52:07: DEBUG: type=Authentication Algorithm, flag=0x8000,
lorv=hmac-sha
2008-07-17 06:52:07: DEBUG: type=Key Length, flag=0x8000, lorv=128
2008-07-17 06:52:07: DEBUG: prop#=0 prot-id=ESP spi-size=4 #trns=4 trns#=1
trns-id=AES
2008-07-17 06:52:07: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-07-17 06:52:07: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-07-17 06:52:07: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-07-17 06:52:07: DEBUG: type=SA Life Duration, flag=0x8000, lorv=3600
2008-07-17 06:52:07: DEBUG: type=Authentication Algorithm, flag=0x8000,
lorv=hmac-md5
2008-07-17 06:52:07: DEBUG: type=Key Length, flag=0x8000, lorv=128
2008-07-17 06:52:07: DEBUG: prop#=0 prot-id=ESP spi-size=4 #trns=4 trns#=2
trns-id=3DES
2008-07-17 06:52:07: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-07-17 06:52:07: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-07-17 06:52:07: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-07-17 06:52:07: DEBUG: type=SA Life Duration, flag=0x8000, lorv=3600
2008-07-17 06:52:07: DEBUG: type=Authentication Algorithm, flag=0x8000,
lorv=hmac-sha
2008-07-17 06:52:07: DEBUG: prop#=0 prot-id=ESP spi-size=4 #trns=4 trns#=3
trns-id=3DES
2008-07-17 06:52:07: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-07-17 06:52:07: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-07-17 06:52:07: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-07-17 06:52:07: DEBUG: type=SA Life Duration, flag=0x8000, lorv=3600
2008-07-17 06:52:07: DEBUG: type=Authentication Algorithm, flag=0x8000,
lorv=hmac-md5
2008-07-17 06:52:07: DEBUG: peer's single bundle:
2008-07-17 06:52:07: DEBUG:  (proto_id=ESP spisize=4 spi=b89f6742
spi_p=00000000 encmode=Tunnel reqid=0:0)
2008-07-17 06:52:07: DEBUG:   (trns_id=AES encklen=128 authtype=hmac-sha)
2008-07-17 06:52:07: DEBUG:   (trns_id=AES encklen=128 authtype=hmac-md5)
2008-07-17 06:52:07: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-sha)
2008-07-17 06:52:07: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2008-07-17 06:52:07: DEBUG: my single bundle:
2008-07-17 06:52:07: DEBUG:  (proto_id=AH spisize=4 spi=00000000
spi_p=00000000 encmode=Tunnel reqid=0:0)
2008-07-17 06:52:07: DEBUG:   (trns_id=SHA authtype=hmac-sha)
2008-07-17 06:52:07: DEBUG:   (trns_id=MD5 authtype=hmac-md5)
2008-07-17 06:52:07: DEBUG:  (proto_id=ESP spisize=4 spi=00000000
spi_p=00000000 encmode=Tunnel reqid=0:0)
2008-07-17 06:52:07: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-sha)
2008-07-17 06:52:07: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2008-07-17 06:52:07: DEBUG:   (trns_id=BLOWFISH encklen=448
authtype=hmac-sha)
2008-07-17 06:52:07: DEBUG:   (trns_id=BLOWFISH encklen=448
authtype=hmac-md5)
2008-07-17 06:52:07: DEBUG:   (trns_id=AES encklen=128 authtype=hmac-sha)
2008-07-17 06:52:07: DEBUG:   (trns_id=AES encklen=128 authtype=hmac-md5)
2008-07-17 06:52:07: ERROR: not matched
2008-07-17 06:52:07: ERROR: no suitable policy found.
2008-07-17 06:52:07: ERROR: failed to pre-process packet.


2008/7/16 Peter Rosenthal <voiperster at gmail.com>:

> Is there anything I can do to further debug my existing set-up? Looks like
> racoon2 is seriously different to racoon (configuration format is different,
> and right now its not compiling but I can probably fix that). I have many
> boxes configured with racoon that I want to mesh.
>
>
>
> 2008/7/16 Paul Wouters <paul at xelerance.com>:
>
>> On Wed, 16 Jul 2008, Peter Rosenthal wrote:
>>
>>  I take it that this was with racoon2? Stuff I am reading indicates that
>>> racoon only supports ikev1.
>>>
>>
>> thats right.
>>
>> Paul
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080717/978598bc/attachment-0001.html 


More information about the Users mailing list