Re: Racoon <> VPN Gateway

From: Shoichi Sakane (
Date: 12/10/01

Date: Tue, 11 Dec 2001 01:37:24 +0900

> I've now got further trying to get racoon talking to a Redcreek
> Ravlin10 VPN gateway, once I realised the gif device is needed
> for tunnel mode. It actually replies to me, though the reply
> isn't what racoon seems to expect.

Basically, you don't need the gif device configuration when you want
to use IPsec tunnel mode.

> I'm trying to establish an ESP tunnel mode connection between
> (racoon) and (Ravlin).

> Racoon says:
> >2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received or the spi expired.

Did you see any other error message before this message?
I think this session failed for some reason, so racoon could not
process this session any more.

> whereas the Ravlin says:
> >Dec 6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT) Received ISAKMP initialization request. Peer: (
> >Dec 6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT) Invalid payload. Possible overrun attack! ()

I'm not sure of the meaning of the above two messages.
