Re: Racoon <> VPN Gateway

From: Shoichi Sakane (sakane@kame.net)
Date: 12/10/01

• Next message: Ronan Lucio: "Re: Accessing as root"
• Previous message: Landon Stewart: "Re: Accessing as root"
• In reply to: freebsd-security-local@insignia.com: "Racoon <> VPN Gateway"
• Next in thread: Ralph Huntington: "promiscuous mode"
• Reply: Ralph Huntington: "promiscuous mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: freebsd-security-local@insignia.com
Date: Tue, 11 Dec 2001 01:37:24 +0900
From: Shoichi Sakane <sakane@kame.net>

> I've now got further trying to get racoon talking to a Redcreek
> Ravlin10 VPN gateway, once I realised the gif device is needed
> for tunnel mode. It actually replies to me, though the reply
> isn't what racoon seems to expect.

basically you don't need the gif device configuration when you want
to use IPsec tunnel mode.

> I'm trying to establish an ESP tunnel mode connection between
> 213.208.123.252 (racoon) and 195.74.141.60 (Ravlin).

> Racoon says:
> >2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received or the spi expired.

did you see other error message before this message ?
i think this session failed due to some reasons, so racoon could not
process this session any more.

> whereas the Ravlin says:
> >Dec 6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT) Received ISAKMP initialization request. Peer: (213.208.123.252)
> >Dec 6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT) Invalid payload. Possible overrun attack! ()

i'm not sure the meaning of above two messages.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Ronan Lucio: "Re: Accessing as root"
• Previous message: Landon Stewart: "Re: Accessing as root"
• In reply to: freebsd-security-local@insignia.com: "Racoon <> VPN Gateway"
• Next in thread: Ralph Huntington: "promiscuous mode"
• Reply: Ralph Huntington: "promiscuous mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Racoon <> VPN Gateway ... >> isn't what racoon seems to expect. ... >basically you don't need the gif device configuration when you want ... >to use IPsec tunnel mode. ... and trace packets to the VPN gateway box I see the ESP packet go out ... (FreeBSD-Security) Racoon <> VPN Gateway ... I've now got further trying to get racoon talking to a Redcreek ... I'm trying to establish an ESP tunnel mode connection between ... whereas the Ravlin says: ... (FreeBSD-Security) racoon behaviour when SA expires ... I am using a VPN in tunnel mode between two sites, using racoon to ... I could increase the lifetime of the SA in racoon.conf, ... This means that we can't properly deploy our VPN, ... (freebsd-net)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-12