 
 From:  "M. G. (Michael) de Bruin" <mg dot debruin at buum dot nl>
 To:  Matthew Barr <mbarr at mbarr dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC, m0n0wall, KAME & Mac OS X 10.3
 Date:  Wed, 28 Jan 2004 22:58:55 +0100

A HASH mismatch could be that you're using MD5 on one side and SHA on the 
other. On the other hand, you would expect a proposal mismatch with that 
config. Just some ideas...

Matthew Barr wrote:

> Just to go ahead and help clarify for some of the more expert people 
> around.. Mac OS X 10.3 is using KAME, and racoon.  It *should* be 
> possible to get this to work.
> For the life of me, however, I can't figure it out.
> 
> I think I have the correct SPDs, and the racoon.conf settings are the 
> same as the M0n0wall's (well, minus obvious changes).  The thing I'm 
> getting hung up on is the ID.
> 
> The firewall is set to use "My IP Address", and has a PSK set up for 
> mbarr at mbarr dot net.   The laptop is set to use user-fqdn "mbarr at mbarr dot net", 
> with a PSK for the same thing...
> 
> (Laptop has:
>         my_identifier user_fqdn "mbarr at mbarr dot net";
>         peers_identifier user_fqdn "mbarr at mbarr dot net";
> )
> 
> 
> 
> I'm getting these errors from racoon on the laptop:
> 2004-01-28 15:36:44: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1(): ID 
> type mismatched.
> 2004-01-28 15:36:44: WARNING: ipsec_doi.c:3086:ipsecdoi_checkid1(): ID 
> value mismatched.
> 2004-01-28 15:36:44: NOTIFY: oakley.c:2057:oakley_skeyid(): couldn't 
> find the proper pskey, try to get one by the peer's address.
> 2004-01-28 15:36:44: ERROR: oakley.c:1190:oakley_validate_auth(): HASH 
> mismatched
> 
> I'm actually getting weirder errors on the server side, with:
> 
> Jan 28 15:35:10
> racoon: ERROR: isakmp_inf.c:181:isakmp_info_recv(): reject the packet, 
> received unexpecting payload type 2.
> 
> racoon: NOTIFY: isakmp.c:255:isakmp_handler(): the packet is 
> retransmitted by 141.149.50.64[500].
> 
> However, I'm seeing unexpected payloads of types: 2,58,43,98,202,224, 
> 169,206,16,26, 111,180.
> 
> I'd really like some pointers on tracking down the error.  Switching to 
> Debug logging on the laptop produces some rather large amounts of data. 
>  I'm currently at notice.
> 
> Anybody got any suggestions here?  I'm not sure Dana has the same 
> problem I do, but I'm guessing it's rather similar :-)
> 
>  --------------------------------
> Matthew Barr
> mbarr at datalyte dot com
> Managing Partner
> Datalyte Consulting, LLC.
> (646) 765-6878    (cell)
> 
> On Jan 22, 2004, at 12:29 PM, Dana Spiegel wrote:
> 
>> I'm having some issues configuring m0n0wall and my OS X 10.3 laptop to 
>> use mobile IPSEC. Does anyone have any experience with this that can 
>> provide a step by step guide to setting up both the laptop and the 
>> router?
>>
>> Thanks for your help!
>>
>> Dana Spiegel
>> Director, NYCwireless
>> dana at nycwireless dot net
>> www.nycwireless.net
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
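
The two causes of a HASH mismatch raised in this thread (a different hash algorithm on each side, and a pre-shared key that cannot be found under the peer's ID) can be reproduced with the RFC 2409 pre-shared-key formulas. The following is an added example, not part of the original messages and not racoon code; the key lookup is a simplified model, and every identifier, key and exchange value in it is constructed.

```python
import hashlib
import hmac

ID_USER_FQDN = 3  # ID type from RFC 2407

def prf(alg, key, data):
    """The negotiated hash used as HMAC, the usual IKEv1 prf."""
    return hmac.new(key, data, getattr(hashlib, alg)).digest()

def hash_i(alg, psk, id_type, id_value, x):
    """RFC 2409: SKEYID = prf(psk, Ni_b | Nr_b);
    HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)."""
    idii_b = bytes([id_type, 0, 0, 0]) + id_value  # type, protocol, port, data
    skeyid = prf(alg, psk, x["ni"] + x["nr"])
    return prf(alg, skeyid, x["gxi"] + x["gxr"] + x["cky_i"] + x["cky_r"]
               + x["sai"] + idii_b)

# Constructed exchange values (placeholders, not captured traffic).
X = {"ni": b"N" * 16, "nr": b"n" * 16, "gxi": b"\x02" * 128, "gxr": b"\x03" * 128,
     "cky_i": b"I" * 8, "cky_r": b"R" * 8, "sai": b"constructed-SA-body"}

def responder_accepts(received, alg, id_type, id_value, psk_by_id, psk_by_addr):
    """Simplified model (an assumption, not racoon's code): use the key filed
    under the received ID, else the key filed under the peer's address."""
    psk = psk_by_id.get((id_type, id_value), psk_by_addr)
    expected = hash_i(alg, psk, id_type, id_value, X)
    return hmac.compare_digest(received, expected)

USER = b"user@example.test"   # constructed identifier
PSK = b"constructed-psk"      # constructed key

def demo():
    by_id = {(ID_USER_FQDN, USER): PSK}
    other = {(ID_USER_FQDN, b"other@example.test"): PSK}
    sha1 = hash_i("sha1", PSK, ID_USER_FQDN, USER, X)
    md5 = hash_i("md5", PSK, ID_USER_FQDN, USER, X)
    args = ("sha1", ID_USER_FQDN, USER)
    return {
        "same settings": responder_accepts(sha1, *args, by_id, b"addr-psk"),
        # A real negotiation would normally fail earlier on the proposal.
        "md5 vs sha1": responder_accepts(md5, *args, by_id, b"addr-psk"),
        "key under other ID": responder_accepts(sha1, *args, other, b"addr-psk"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20} {'accepted' if ok else 'HASH mismatched'}")
```

In the third case the fallback key is used because nothing is filed under the received ID, so the hash check fails even though the initiator's key is correct.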