Re: [Ipsec-tools-devel] Missing SAD
Brought to you by:
mit_warlord,
netbsd
From: Sam W. <swu...@gm...> - 2007-09-25 23:21:23
|
On 9/26/07, VANHULLEBUS Yvan <va...@fr...> wrote: > On Thu, Sep 13, 2007 at 10:00:57PM +1000, Sam Wun wrote: > > Hi, > > Hi. > > > > I have installed ipsec-tools 0.7 in freebsd 6.2. > > One end of the VPN connection shown 2 SAD entries, while another end > > of the VPN doesn't shown any SAD entry. > > The one shown 2 SAD entries are: > > core: # setkey -D > > 12x.x.x.x 2x.x.x.x > > esp mode=tunnel spi=265231941(0x0fcf1e45) reqid=0(0x00000000) > > E: 3des-cbc 1a8ab592 8b738761 1aefb342 c8068f21 b1014ecf ec867731 > > A: hmac-md5 61d09189 e1aaec8c 9a3d7ebf 842768aa > > seq=0x00000001 replay=4 flags=0x00000000 state=mature > > created: Sep 13 21:38:07 2007 current: Sep 13 21:54:40 2007 > > diff: 993(s) hard: 28800(s) soft: 23040(s) > > last: Sep 13 21:42:39 2007 hard: 0(s) soft: 0(s) > > current: 144(bytes) hard: 0(bytes) soft: 0(bytes) > > allocated: 1 hard: 0 soft: 0 > > sadb_seq=1 pid=88156 refcnt=2 > > 2x.x.x.x 12x.x.x.x > > esp mode=tunnel spi=236492096(0x0e189540) reqid=0(0x00000000) > > E: 3des-cbc bf1ea2ed e661f704 931a6d94 3a4a6049 d3efa161 82fa5014 > > A: hmac-md5 28a88aa9 57ac1e12 c9548807 6b22742f > > seq=0x00000000 replay=4 flags=0x00000000 state=mature > > created: Sep 13 21:38:07 2007 current: Sep 13 21:54:40 2007 > > diff: 993(s) hard: 28800(s) soft: 23040(s) > > last: hard: 0(s) soft: 0(s) > > current: 0(bytes) hard: 0(bytes) soft: 0(bytes) > > allocated: 0 hard: 0 soft: 0 > > sadb_seq=0 pid=88156 refcnt=1 > > > > the other end of the VPN connection shown nothing: > > belmore# setkey -D > > # > > Did it show something before ? > > The first thing I would have a look to is the checkmode on both > racoons: you may just have issues with strange behaviour of claim or > obey checkmodes, which would result to SAs having different lifetimes > on both ends. > > Hi, There is no *checkmode* in my both racoon.conf file. What is it? How can I find out what the *checkmode* on both racoon config is? Thanks S > Yvan. > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel > |