 From:  Cemil Browne <cbrowne at dubsat dot com dot au>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall -> FBSD 5.4 (racoon) IPSEC problem
 Date:  Wed, 22 Feb 2006 13:48:10 +1100
To all:

I am currently having trouble trying to connect a m0n0wall 1.21 box  
to a FreeBSD 5.4 running ipsec-tools (racoon).

I have gone so far as to mirror the racoon.conf from
/var/etc/racoon.conf (on the m0n0wall) over to the FBSD box.  Regardless of
what I do, phase 1 negotiation just doesn't succeed.  The last 3
messages I get in the debug.log for the FreeBSD host are:

DEBUG: compute DH's private. (private, public, shared)

and then a hang.  After 30 seconds, it retries the entire cycle.
Exact log from debug.log on FBSD box is (addresses sanitized):

Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: 264 bytes message received from xxxxxxxx.141[500] to xxxxxxxxxx.140[500]
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: configuration found for xxxxxxxxxx.141[500].
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: ===
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: begin.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=1(sa)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=4(ke)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=10(nonce)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=5(id)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=13(vid)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: succeed.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: received payload of type ke
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: received payload of type nonce
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: received payload of type id
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: received payload of type vid
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: remote supports DPD
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: total SA len=48
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG:  00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080 80010005 80030001 80020002 80040002
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: begin.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=2(prop)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: succeed.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: proposal #1 len=40
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: begin.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: seen nptype=3(trns)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: succeed.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: transform #1 len=32
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Life Duration, flag=0x8000, lorv=28800
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: encryption(3des)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: hash(sha1)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: hmac(modp1024)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: pair 1:
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG:  0x80ad390: next=0x0 tnext=0x0
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: proposal #1: 1 transform
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: trns#=1, trns-id=IKE
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Life Duration, flag=0x8000, lorv=28800
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: Compared: DB:Peer
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: (lifetime = 28800:28800)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: (lifebyte = 0:0)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: enctype = 3DES-CBC:3DES-CBC
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: (encklen = 0:0)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: hashtype = SHA:SHA
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: authmethod = pre-shared key:pre-shared key
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: an acceptable proposal found.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: hmac(modp1024)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: new cookie: de304e84260bde3d
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: use ID type of IPv4_address
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: compute DH's private.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: compute DH's public.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: compute DH's shared.

Any help would be great!

Thanks,
Cemil Browne
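
Added example, not part of the original post: a small triage script for a racoon debug log in the format shown above. It reports any phase 1 attribute where the local (DB) and peer values differ, whether a proposal was accepted, and the last message logged before the daemon went quiet. The function name `summarize` and the one-entry-per-line input (mail line wrapping undone) are assumptions of this example.

```python
import re

# Abridged from the debug.log excerpt in the post; one entry per line is assumed.
# The final hex line is a constructed placeholder for racoon's dump lines.
SAMPLE = """\
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: Compared: DB:Peer
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: (lifetime = 28800:28800)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: (lifebyte = 0:0)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: enctype = 3DES-CBC:3DES-CBC
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: (encklen = 0:0)
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: hashtype = SHA:SHA
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: authmethod = pre-shared key:pre-shared key
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: an acceptable proposal found.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: compute DH's private.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: compute DH's public.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG: compute DH's shared.
Feb 22 13:46:28 syd-ipsecep1 racoon: DEBUG:  00000000 00000000
"""

ENTRY = re.compile(r"racoon: [A-Z]+: (?P<msg>.*)$")
# "name = db:peer", optionally in parentheses, as printed after "Compared: DB:Peer"
PAIR = re.compile(r"^\(?(?P<name>\w+) = (?P<db>[^:]*):(?P<peer>[^:)]*)\)?$")
HEXDUMP = re.compile(r"^\s*(?:[0-9a-f]{8}\s*)+$")


def summarize(log_text):
    """Return proposal mismatches, acceptance flag and last non-dump message."""
    mismatches, accepted, last = [], False, None
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry or HEXDUMP.match(entry.group("msg")):
            continue  # not a racoon entry, or a hex dump of the previous one
        msg = entry.group("msg").strip()
        last = msg
        pair = PAIR.match(msg)
        if pair and pair.group("db") != pair.group("peer"):
            mismatches.append((pair.group("name"), pair.group("db"), pair.group("peer")))
        if msg.startswith("an acceptable proposal found"):
            accepted = True
    return {"mismatches": mismatches, "accepted": accepted, "last_message": last}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the lines excerpted from this post it reports no mismatches, an accepted proposal, and `compute DH's shared.` as the last message.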