 
From: Shoichi Sakane (sakanekame.net)
Date: Mon Mar 04 2002 - 22:36:45 CST


    > Since sending my first message I've found that FBSD/racoon<->FBSD/racoon
    > only works till the first time the keys are renegotiated. At that point
    > I get the message about the security association expiring but from then
    > on I always get the 'policy not found' error. The following is part of
    > the log from one side of the FBSD<->FBSD case.

    > 2002-02-08 23:47:31: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Aggressive mode.
    > 2002-02-08 23:47:33: NOTIFY: oakley.c:2036:oakley_skeyid(): couldn't find pskey, try to get one by the peer's address.

    It seems you didn't define the pre-shared key file properly.
    You should add a single line to the psk file like
            "sakanekame.net presharedkey".
    in this case. "sakanekame.net" is the identifier of both nodes,
    as you used exactly the same configuration. But it's not much of a problem.

    > 2002-02-08 23:47:33: ERROR: proposal.c:965:set_proposal_from_policy(): not supported nested SA.
    > 2002-02-08 23:47:33: ERROR: isakmp_quick.c:2070:get_proposal_r(): failed to create saprop.

    The message means the SPD entry to be used for this negotiation has
    different IPsec tunnel endpoints, like

            spdadd X Y any -P out ipsec
                    esp/tunnel/A-B/use
                    esp/tunnel/A-C/use;

    Do you have it? If so, racoon doesn't support this configuration.

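A small diagnostic for the two causes the reply points at, written as an added example (not code from the thread or from racoon itself): it checks that a peer identifier has a line in a racoon psk.txt file, and flags setkey spdadd policies whose SA bundle contains tunnel SAs with differing endpoints. The file contents and addresses are constructed samples.

```python
import re

# Constructed sample psk.txt: one "<identifier> <pre-shared key>" per line.
PSK_FILE = """# racoon pre-shared key file
sakanekame.net presharedkey
"""

# Constructed SPD config in setkey(8) syntax. The first statement is a plain
# tunnel; the second nests two tunnel SAs with different endpoints, which is
# the policy shape the reply says racoon cannot negotiate ("not supported nested SA").
SPD_CONFIG = """
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
        esp/tunnel/192.0.2.1-192.0.2.2/use;
spdadd 10.0.1.0/24 10.0.3.0/24 any -P out ipsec
        esp/tunnel/192.0.2.1-192.0.2.2/use
        esp/tunnel/192.0.2.1-192.0.2.3/use;
"""


def psk_identifiers(text):
    """Map each identifier in a psk.txt file to its key; comments and blank lines are skipped."""
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # identifier, then the rest of the line is the key
        ids[parts[0]] = parts[1] if len(parts) > 1 else ""
    return ids


def has_psk_for(text, peer_id):
    """True when the peer identifier racoon will look up has an entry in the psk file."""
    return peer_id in psk_identifiers(text)


# Matches one tunnel-mode SA in a policy: <proto>/tunnel/<src>-<dst>/<level>
_TUNNEL = re.compile(r"(esp|ah|ipcomp)/tunnel/([^-/\s]+)-([^/\s]+)/(\w+)")


def nested_tunnel_policies(config):
    """Return spdadd statements whose bundle has tunnel SAs with more than one endpoint pair."""
    flagged = []
    for stmt in config.split(";"):
        stmt = " ".join(stmt.split())        # collapse the multi-line statement to one line
        if not stmt.startswith("spdadd"):
            continue
        endpoints = {(m.group(2), m.group(3)) for m in _TUNNEL.finditer(stmt)}
        if len(endpoints) > 1:
            flagged.append(stmt)
    return flagged
```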