From: SourceForge.net <no...@so...> - 2007-01-28 05:28:20
|
Bugs item #1646291, was opened at 2007-01-27 21:28 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1646291&group_id=74601 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: NAT_T Problem Initial Comment: When NAT_T configured, racoon fails on the following: Jan 26 18:34:21 fedora racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net) Jan 26 18:34:21 fedora racoon: INFO: @(#)This product linked OpenSSL 0.9.8b 04 May 2006 (http://www.openssl.org/) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[4500] used as isakmp port (fd=7) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[4500] used for NAT-T Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[500] used as isakmp port (fd=8) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[500] used for NAT-T Jan 26 18:34:27 fedora racoon: INFO: IPsec-SA request for 208.57.xxx.xxx queued due to no phase1 found. Jan 26 18:34:27 fedora racoon: INFO: initiate new phase 1 negotiation: 70.137.xxx.xxx[500]<=>208.57.xxx.xxx[500] Jan 26 18:34:27 fedora racoon: INFO: begin Aggressive mode. Jan 26 18:34:28 fedora racoon: INFO: received Vendor ID: RFC 3947 Jan 26 18:34:28 fedora racoon: INFO: received Vendor ID: DPD Jan 26 18:34:28 fedora racoon: INFO: Selected NAT-T version: RFC 3947 Jan 26 18:34:28 fedora racoon: INFO: Hashing 70.137.xxx.xxx[500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: NAT-D payload #-1 verified Jan 26 18:34:28 fedora racoon: INFO: Hashing 208.57.xxx.xxx[500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: NAT-D payload #0 doesn't match Jan 26 18:34:28 fedora racoon: INFO: NAT detected: PEER Jan 26 18:34:28 fedora racoon: INFO: KA list add: 70.137.xxx.xxx[4500]->208.57.xxx.xxx[4500] Jan 26 18:34:28 fedora racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. Jan 26 18:34:28 fedora racoon: INFO: Adding remote and local NAT-D payloads. Jan 26 18:34:28 fedora racoon: INFO: Hashing 208.57.xxx.xxx[4500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: Hashing 70.137.xxx.xxx[4500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: ISAKMP-SA established 70.137.xxx.xxx[4500]-208.57.xxx.xxx[4500] spi:956239d11dcc9fc2:dfcb5e3240fb0b68 Jan 26 18:34:28 fedora racoon: INFO: initiate new phase 2 negotiation: 70.137.xxx.xxx[4500]<=>208.57.xxx.xxx[4500] Jan 26 18:34:28 fedora racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3). Jan 26 18:34:28 fedora racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3). Jan 26 18:34:28 fedora racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 26 18:34:28 fedora racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 26 18:34:28 fedora racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 26 18:34:28 fedora racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 26 18:34:28 fedora racoon: ERROR: libipsec failed send update_nat (No algorithm specified) Jan 26 18:34:28 fedora racoon: ERROR: pfkey update failed. Jan 26 18:34:28 fedora racoon: ERROR: failed to process packet. Jan 26 18:34:28 fedora racoon: ERROR: phase2 negotiation failed. Configuration is per NAT_N specs: timer { natt_keepalive 20sec; } listen { isakmp 192.168.0.100[500]; isakmp_natt 192.168.0.100[4500]; } remote 70.137.xxx.xxx{ exchange_mode aggressive, main; my_identifier address; nat_traversal on; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2 ; } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1646291&group_id=74601 |
From: SourceForge.net <no...@so...> - 2007-01-28 05:29:41
|
Bugs item #1646291, was opened at 2007-01-27 21:28 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1646291&group_id=74601 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: NAT_T Problem Initial Comment: When NAT_T configured, racoon fails on the following: Jan 26 18:34:21 fedora racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net) Jan 26 18:34:21 fedora racoon: INFO: @(#)This product linked OpenSSL 0.9.8b 04 May 2006 (http://www.openssl.org/) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[4500] used as isakmp port (fd=7) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[4500] used for NAT-T Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[500] used as isakmp port (fd=8) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[500] used for NAT-T Jan 26 18:34:27 fedora racoon: INFO: IPsec-SA request for 208.57.xxx.xxx queued due to no phase1 found. Jan 26 18:34:27 fedora racoon: INFO: initiate new phase 1 negotiation: 70.137.xxx.xxx[500]<=>208.57.xxx.xxx[500] Jan 26 18:34:27 fedora racoon: INFO: begin Aggressive mode. Jan 26 18:34:28 fedora racoon: INFO: received Vendor ID: RFC 3947 Jan 26 18:34:28 fedora racoon: INFO: received Vendor ID: DPD Jan 26 18:34:28 fedora racoon: INFO: Selected NAT-T version: RFC 3947 Jan 26 18:34:28 fedora racoon: INFO: Hashing 70.137.xxx.xxx[500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: NAT-D payload #-1 verified Jan 26 18:34:28 fedora racoon: INFO: Hashing 208.57.xxx.xxx[500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: NAT-D payload #0 doesn't match Jan 26 18:34:28 fedora racoon: INFO: NAT detected: PEER Jan 26 18:34:28 fedora racoon: INFO: KA list add: 70.137.xxx.xxx[4500]->208.57.xxx.xxx[4500] Jan 26 18:34:28 fedora racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. Jan 26 18:34:28 fedora racoon: INFO: Adding remote and local NAT-D payloads. Jan 26 18:34:28 fedora racoon: INFO: Hashing 208.57.xxx.xxx[4500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: Hashing 70.137.xxx.xxx[4500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: ISAKMP-SA established 70.137.xxx.xxx[4500]-208.57.xxx.xxx[4500] spi:956239d11dcc9fc2:dfcb5e3240fb0b68 Jan 26 18:34:28 fedora racoon: INFO: initiate new phase 2 negotiation: 70.137.xxx.xxx[4500]<=>208.57.xxx.xxx[4500] Jan 26 18:34:28 fedora racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3). Jan 26 18:34:28 fedora racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3). Jan 26 18:34:28 fedora racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 26 18:34:28 fedora racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 26 18:34:28 fedora racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 26 18:34:28 fedora racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 26 18:34:28 fedora racoon: ERROR: libipsec failed send update_nat (No algorithm specified) Jan 26 18:34:28 fedora racoon: ERROR: pfkey update failed. Jan 26 18:34:28 fedora racoon: ERROR: failed to process packet. Jan 26 18:34:28 fedora racoon: ERROR: phase2 negotiation failed. Configuration is per NAT_N specs: timer { natt_keepalive 20sec; } listen { isakmp 192.168.0.100[500]; isakmp_natt 192.168.0.100[4500]; } remote 70.137.xxx.xxx{ exchange_mode aggressive, main; my_identifier address; nat_traversal on; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2 ; } } ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-01-27 21:29 Message: Logged In: NO I could be reached at azg...@ya... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1646291&group_id=74601 |
From: SourceForge.net <no...@so...> - 2009-01-16 11:04:13
|
Bugs item #1646291, was opened at 2007-01-28 07:28 Message generated for change (Comment added) made by fabled80 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1646291&group_id=74601 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: NAT_T Problem Initial Comment: When NAT_T configured, racoon fails on the following: Jan 26 18:34:21 fedora racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net) Jan 26 18:34:21 fedora racoon: INFO: @(#)This product linked OpenSSL 0.9.8b 04 May 2006 (http://www.openssl.org/) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[4500] used as isakmp port (fd=7) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[4500] used for NAT-T Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[500] used as isakmp port (fd=8) Jan 26 18:34:22 fedora racoon: INFO: 70.137.xxx.xxx[500] used for NAT-T Jan 26 18:34:27 fedora racoon: INFO: IPsec-SA request for 208.57.xxx.xxx queued due to no phase1 found. Jan 26 18:34:27 fedora racoon: INFO: initiate new phase 1 negotiation: 70.137.xxx.xxx[500]<=>208.57.xxx.xxx[500] Jan 26 18:34:27 fedora racoon: INFO: begin Aggressive mode. Jan 26 18:34:28 fedora racoon: INFO: received Vendor ID: RFC 3947 Jan 26 18:34:28 fedora racoon: INFO: received Vendor ID: DPD Jan 26 18:34:28 fedora racoon: INFO: Selected NAT-T version: RFC 3947 Jan 26 18:34:28 fedora racoon: INFO: Hashing 70.137.xxx.xxx[500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: NAT-D payload #-1 verified Jan 26 18:34:28 fedora racoon: INFO: Hashing 208.57.xxx.xxx[500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: NAT-D payload #0 doesn't match Jan 26 18:34:28 fedora racoon: INFO: NAT detected: PEER Jan 26 18:34:28 fedora racoon: INFO: KA list add: 70.137.xxx.xxx[4500]->208.57.xxx.xxx[4500] Jan 26 18:34:28 fedora racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. Jan 26 18:34:28 fedora racoon: INFO: Adding remote and local NAT-D payloads. Jan 26 18:34:28 fedora racoon: INFO: Hashing 208.57.xxx.xxx[4500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: Hashing 70.137.xxx.xxx[4500] with algo #2 Jan 26 18:34:28 fedora racoon: INFO: ISAKMP-SA established 70.137.xxx.xxx[4500]-208.57.xxx.xxx[4500] spi:956239d11dcc9fc2:dfcb5e3240fb0b68 Jan 26 18:34:28 fedora racoon: INFO: initiate new phase 2 negotiation: 70.137.xxx.xxx[4500]<=>208.57.xxx.xxx[4500] Jan 26 18:34:28 fedora racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3). Jan 26 18:34:28 fedora racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3). Jan 26 18:34:28 fedora racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 26 18:34:28 fedora racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 26 18:34:28 fedora racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 26 18:34:28 fedora racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 26 18:34:28 fedora racoon: ERROR: libipsec failed send update_nat (No algorithm specified) Jan 26 18:34:28 fedora racoon: ERROR: pfkey update failed. Jan 26 18:34:28 fedora racoon: ERROR: failed to process packet. Jan 26 18:34:28 fedora racoon: ERROR: phase2 negotiation failed. Configuration is per NAT_N specs: timer { natt_keepalive 20sec; } listen { isakmp 192.168.0.100[500]; isakmp_natt 192.168.0.100[4500]; } remote 70.137.xxx.xxx{ exchange_mode aggressive, main; my_identifier address; nat_traversal on; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2 ; } } ---------------------------------------------------------------------- Comment By: Timo Teräs (fabled80) Date: 2009-01-16 13:04 Message: Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-01-28 07:29 Message: Logged In: NO I could be reached at azg...@ya... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1646291&group_id=74601 |