Thread: [Ipsec-tools-devel] Racoon hangs, any ideas why?
From: Koivisto K. <kim...@su...> - 2003-07-30 13:43:28
Hello,

I'm having some troubles with racoon. After starting it (racoon -Fddd), it reads the configuration file and hangs. The only thing that helps is kill -9 pid.

Is anyone having the same problems, or any ideas how to get it working? Is there anything that I can do to get more debug out of it?

Red Hat 9
openssl-0.9.7a-5
Kernel 2.6.0-test1 and test2 (haven't tried with 2.5.x).

I've tried Red Hat's rawhide rpm of ipsec-tools and also the newest tarball from http://sourceforge.net/projects/ipsec-tools, both were version 0.2.2.

My machine 192.168.2.2, remote 192.168.2.1.

I've also tried the "default" config that installs to installation-path/etc/racoon.conf, racoon hangs with that config too.

BR
Kimmo Koivisto

Here are my configs and logs:

<racoon conf>
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug;

remote 192.168.2.1
{
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;
        #my_identifier address;
        lifetime time 1 hour; # sec,min,hour
        initial_contact on;
        proposal_check obey; # obey, strict or claim
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

sainfo address 192.168.2.2 any address 192.168.2.1 any
{
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm aes ;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}
</racoon conf>

<racoon log with command "racoon -Fddd">
Foreground mode.
2003-07-30 16:34:01: INFO: main.c:174:main(): @(#)racoon 20001216 20001216 sa...@ka...
2003-07-30 16:34:01: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
2003-07-30 16:34:01: DEBUG: pfkey.c:370:pfkey_init(): call pfkey_send_register for AH
2003-07-30 16:34:01: DEBUG: pfkey.c:370:pfkey_init(): call pfkey_send_register for ESP
2003-07-30 16:34:01: DEBUG: pfkey.c:370:pfkey_init(): call pfkey_send_register for IPCOMP
2003-07-30 16:34:01: DEBUG2: cftoken.l:425:yylex(): <3>
2003-07-30 16:34:01: DEBUG2: cftoken.l:425:yylex(): <3>
2003-07-30 16:34:01: DEBUG2: cftoken.l:115:yylex(): begin <5>path
2003-07-30 16:34:01: DEBUG2: cftoken.l:116:yylex(): <5>
2003-07-30 16:34:01: DEBUG2: cftoken.l:386:yylex(): <5>
2003-07-30 16:34:01: DEBUG2: cftoken.l:124:yylex(): begin <3>;
2003-07-30 16:34:01: DEBUG2: cftoken.l:115:yylex(): begin <5>path
2003-07-30 16:34:01: DEBUG2: cftoken.l:118:yylex(): <5>
2003-07-30 16:34:01: DEBUG2: cftoken.l:386:yylex(): <5>
2003-07-30 16:34:01: DEBUG2: cftoken.l:124:yylex(): begin <3>;
2003-07-30 16:34:01: DEBUG2: cftoken.l:115:yylex(): begin <5>path
2003-07-30 16:34:01: DEBUG2: cftoken.l:120:yylex(): <5>
2003-07-30 16:34:01: DEBUG2: cftoken.l:386:yylex(): <5>
2003-07-30 16:34:01: DEBUG2: cftoken.l:124:yylex(): begin <3>;
2003-07-30 16:34:01: DEBUG2: cftoken.l:137:yylex(): begin <9>log
2003-07-30 16:34:01: DEBUG2: cftoken.l:140:yylex(): <9>
2003-07-30 16:34:01: DEBUG2: cftoken.l:195:yylex(): begin <25>remote
2003-07-30 16:34:01: DEBUG2: cftoken.l:401:yylex(): <25>
2003-07-30 16:34:01: DEBUG2: cftoken.l:200:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:203:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:205:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:206:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:207:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:208:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:425:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:234:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:235:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:356:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:347:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:425:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:226:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:251:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:227:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:228:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:425:yylex(): <27>
2003-07-30 16:34:01: DEBUG2: cftoken.l:238:yylex(): begin <29>proposal
2003-07-30 16:34:01: DEBUG2: cftoken.l:244:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:295:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:246:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:306:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:245:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:324:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:247:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cftoken.l:356:yylex(): <29>
2003-07-30 16:34:01: DEBUG2: cfparse.y:1171:set_isakmp_proposal(): lifetime = 3600
2003-07-30 16:34:01: DEBUG2: cfparse.y:1174:set_isakmp_proposal(): lifebyte = 0
2003-07-30 16:34:01: DEBUG2: cfparse.y:1177:set_isakmp_proposal(): encklen=128
2003-07-30 16:34:01: DEBUG2: cfparse.y:1240:expand_isakmpspec(): p:1 t:1
2003-07-30 16:34:01: DEBUG2: cfparse.y:1244:expand_isakmpspec(): 7(7)
2003-07-30 16:34:01: DEBUG2: cfparse.y:1244:expand_isakmpspec(): SHA(2)
2003-07-30 16:34:01: DEBUG2: cfparse.y:1244:expand_isakmpspec(): 1024-bit MODP group(2)
2003-07-30 16:34:01: DEBUG2: cfparse.y:1244:expand_isakmpspec(): pre-shared key(1)
2003-07-30 16:34:01: DEBUG2: cfparse.y:1251:expand_isakmpspec():
2003-07-30 16:34:01: DEBUG2: cftoken.l:175:yylex(): begin <21>sainfo
2003-07-30 16:34:01: DEBUG2: cftoken.l:336:yylex(): <21>
2003-07-30 16:34:01: DEBUG2: cftoken.l:401:yylex(): <21>
2003-07-30 16:34:01: DEBUG2: cftoken.l:178:yylex(): <21>
2003-07-30 16:34:01: DEBUG2: cftoken.l:336:yylex(): <21>
2003-07-30 16:34:01: DEBUG2: cftoken.l:401:yylex(): <21>
2003-07-30 16:34:01: DEBUG2: cftoken.l:178:yylex(): <21>
2003-07-30 16:34:01: DEBUG2: cftoken.l:183:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:356:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:186:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:187:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:356:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:347:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:189:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:295:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:190:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:299:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:191:yylex(): <23>
2003-07-30 16:34:01: DEBUG2: cftoken.l:312:yylex(): <23>
2003-07-30 16:34:01: DEBUG: pfkey.c:2246:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it.
2003-07-30 16:34:01: DEBUG2: cfparse.y:1353:cfparse(): parse successed.
</racoon log>

<kernel .config >
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_BLOWFISH=y
CONFIG_CRYPTO_TWOFISH=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_DEFLATE=y
CONFIG_NET_KEY=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_XFRM_USER=y
</kernel .config>