Hello,

I am using racoon from ipsec-tools-0.7 on 2 Linux hosts running kernel 2.6.22.


For the most part everything works well and all traffic between the 2 hosts is encrypted, but I am seeing the following error messages from racoon at different times:

“ERROR: can’t start the quick mode, there is no ISAKMP-SA”

“ERROR: none message must be encrypted”

At this point, no traffic can be passed between the 2 hosts.

I have to restart the daemons to make it all work again.

See below for the racoon.conf files (identical on both hosts).

See below for the setkey -D and setkey -DP output as well.

If anyone has seen this kind of issue or can tell me what I may have misconfigured, I would appreciate it.

Thanks,

Phil Bellino

##

# Global racoon settings: where the pre-shared keys live and how verbose the log is.
# racoon expects the PSK file to be owned by the user racoon runs as and not
# accessible to anyone else; the file holds the phase 1 secret in clear text.
path pre_shared_key "/etc/psk.txt";


# "info" logging; raising the level temporarily is the usual way to see why
# a negotiation failed.
log info;


# Phase 1 (ISAKMP-SA) parameters. "anonymous" applies this block to any peer
# that has no more specific remote entry.
# NOTE(review): no dpd_delay is set here, so dead peer detection is presumably
# off; a peer that has lost its ISAKMP-SA would then go unnoticed. This may be
# related to the "there is no ISAKMP-SA" error reported above (confirm).
remote anonymous

{

     # Main mode exchange (identity-protecting, six messages).
     exchange_mode main;

     # Phase 1 SA lifetime.
     lifetime time 24 hour;

     # obey: as responder, accept the initiator's lifetime, key length and PFS
     # values without comparing them to the local ones. The stricter settings
     # (strict, claim, exact) let the local policy constrain what is accepted.
     proposal_check obey;

     proposal {

               # NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP) are
               # legacy choices; prefer AES, a stronger hash and a larger DH
               # group if both peers support them.
               encryption_algorithm 3des;

               hash_algorithm md5;

               # Peers authenticate with the shared secret from the PSK file.
               authentication_method pre_shared_key;

               dh_group 2;

     }

}

# Phase 2 (IPsec-SA) parameters. "anonymous" matches any pair of endpoints
# that has no more specific sainfo entry.
sainfo anonymous

{

        # Perform a fresh DH exchange (group 2) for each phase 2 negotiation.
        pfs_group 2;

        # Phase 2 SA lifetime; corresponds to the hard: 43200(s) shown by
        # setkey -D.
        lifetime time 12 hour;

        # NOTE(review): null_enc is ESP with NULL encryption, i.e. no
        # confidentiality. Listing it makes an unencrypted ESP SA an acceptable
        # negotiation result; remove it unless that is intended.
        encryption_algorithm 3des, aes, null_enc;

        # NOTE(review): non_auth means no integrity protection for the
        # algorithm it is negotiated for, and hmac_md5 is a legacy choice.
        # Keep only the algorithms that should really be accepted.
        authentication_algorithm hmac_md5, hmac_sha1, hmac_sha256, non_auth;

        compression_algorithm deflate;

}


# setkey -DP

140.179.109.64[any] 140.179.109.63[any] any

        in prio def ipsec

        esp/transport//require

        ah/transport//require

        created: May 20 04:35:46 2008  lastused: May 20 06:23:58 2008

        lifetime: 0(s) validtime: 0(s)

        spid=112 seq=1 pid=24059

        refcnt=1

140.179.109.63[any] 140.179.109.64[any] any

        out prio def ipsec

        esp/transport//require

        ah/transport//require

        created: May 20 04:35:46 2008  lastused: May 20 06:23:58 2008

        lifetime: 0(s) validtime: 0(s)

        spid=105 seq=4 pid=24059

        refcnt=1

140.179.109.64[any] 140.179.109.63[any] any

        fwd prio def ipsec

        esp/transport//require

        ah/transport//require

        created: May 20 04:35:46 2008  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=122 seq=7 pid=24059

        refcnt=1

# setkey -D

140.179.109.64 140.179.109.63

        ah mode=transport spi=57222519(0x03692577) reqid=0(0x00000000)

        A: hmac-md5  caef43b3 c6210673 435d4e26 81fa51d0

        seq=0x00000000 replay=4 flags=0x00000000 state=mature

        created: May 20 04:42:49 2008   current: May 20 10:48:18 2008

        diff: 21929(s)  hard: 43200(s)  soft: 34560(s)

        last: May 20 04:42:50 2008      hard: 0(s)      soft: 0(s)

        current: 2100(bytes)    hard: 0(bytes)  soft: 0(bytes)

        allocated: 21   hard: 0 soft: 0

        sadb_seq=9 pid=24090 refcnt=0

140.179.109.64 140.179.109.63

        esp mode=transport spi=114217494(0x06ced216) reqid=0(0x00000000)

        E: 3des-cbc  22199693 d101d180 8ba4357d 6ba7aa3a 4ca19c28 609fa213

        A: hmac-md5  8e366012 c5be45b2 72d3c7c0 3029f9b7

        seq=0x00000000 replay=4 flags=0x00000000 state=mature

        created: May 20 04:42:49 2008   current: May 20 10:48:18 2008

        diff: 21929(s)  hard: 43200(s)  soft: 34560(s)

        last: May 20 04:42:50 2008      hard: 0(s)      soft: 0(s)

        current: 1344(bytes)    hard: 0(bytes)  soft: 0(bytes)

        allocated: 21   hard: 0 soft: 0

        sadb_seq=10 pid=24090 refcnt=0

140.179.109.63 140.179.109.64

        ah mode=transport spi=222577027(0x0d444183) reqid=0(0x00000000)

        A: hmac-md5  db20303c 1baaa33c 5df27a48 2076d012

        seq=0x00000000 replay=4 flags=0x00000000 state=mature

        created: May 20 04:42:49 2008   current: May 20 10:48:18 2008

        diff: 21929(s)  hard: 43200(s)  soft: 34560(s)

        last: May 20 04:42:49 2008      hard: 0(s)      soft: 0(s)

        current: 3168(bytes)    hard: 0(bytes)  soft: 0(bytes)

        allocated: 22   hard: 0 soft: 0

        sadb_seq=11 pid=24090 refcnt=0

140.179.109.63 140.179.109.64

        esp mode=transport spi=36412869(0x022b9dc5) reqid=0(0x00000000)

        E: 3des-cbc  4d38370e 276198dd bb0a4ba6 45367b8a 23193d2d 2b8c866c

        A: hmac-md5  0e80bda8 a54826dc 6252cf2b dc131da4

        seq=0x00000000 replay=4 flags=0x00000000 state=mature

        created: May 20 04:42:49 2008   current: May 20 10:48:18 2008

        diff: 21929(s)  hard: 43200(s)  soft: 34560(s)

        last: May 20 04:42:49 2008      hard: 0(s)      soft: 0(s)

        current: 2640(bytes)    hard: 0(bytes)  soft: 0(bytes)

        allocated: 22   hard: 0 soft: 0

        sadb_seq=0 pid=24090 refcnt=0

Phil Bellino
Software Engineer
MRV Communications, Inc.
295 Foster Street
Littleton, MA. 01460
Phone: 978-952-4807
Fax: 978-952-5444

Email: pbellino@mrv.com