Thanks for that quick reply. I verified the log once again now.

I am using the command,
racoon -f /etc/racoon.conf.krb -d -l /etc/racoon.log

There are no Error messages. Only INFO messages are present. As Yuan mentioned, the log ends here.

I am not seeing ant core dump file :(  But the log file is ending there. Racoon is gettign killed in the machine from where I issue a ping. Could you please let me know if this is configuration issue ? I am able to make a psk based connection. Can anybody please help.

- Sandy.

On 12/6/05, VANHULLEBUS Yvan <vanhu@free.fr> wrote:
On Tue, Dec 06, 2005 at 07:07:50PM +0530, sandy s wrote:
> Hi all,


> I have upgraded the ipsec tools from 0.5-4 to 0.6.3 and DPD error seems to
> be fixed as I am not getting that error now.

In a previous mail, you pasted 'INFO' at the befinning of the log

I really guess this was NOT the reason of your error, and just the
last INFO/DEBUG message you saw in your log file.

Most important are not necessary the last ones, but the ERROR lines !

And it looks like you have no ERROR in your log, at least in the part
you sent us.

> But still I am unable to make
> an IPSec connection with Kerberos  as auth method.
> 1) I am having kerberos working properly in stand alone mode.
> 2) I am getting the TGT on one machine using.
>      kinit -k -t /etc/krb5.keytab host/linux.kerb.com@KERB.COM -V
> I am getting the TGT.
> 3) My racoon.conf file looks exactly same as "racoon.conf.sample-gssapi"
> file in the samples  folder.
> 4) Both peers are getting the GIi and GIr properly.
> I NOTICE THAT AFTER SOME 10 mins, racoon dies. I have verified by issuing
> command,
> ps -ef | grep racoon. The out put of this is nothing.
>  when this happens, If I ping, I get the error "ping: no such process" on
> the command prompt.
> 6) I have given the log file of the racoon out put when I do a ping.

> 2005-12-06 18:44:12: DEBUG: ===
> 2005-12-06 18:44:12: DEBUG: compute DH's private.
> 2005-12-06 18:44:12: DEBUG:
> 50699d9b 062b2888 692d6976 268ea08b 5a960b38 025eb721 b095de24 a8ac6481
> 777aa093 6744650e 5daf82ba 351eff91 66578259 27fc7784 c9f55aa6 50f5e6d4
> a16948cf 65bf44e8 68127bc6 f3af49fc 8d12542d 11fcff63 a4a0a755 2dbf45fe
> 657fc4c8 b35ec3aa 20410a05 d089a434 32568348 a5e60a78 d0337da8 fbc81bca
> 2005-12-06 18:44:12: DEBUG: compute DH's public.
> 2005-12-06 18:44:12: DEBUG:
> 49737b43 239503cb 3cdf9a82 ef03ff42 19c73126 681c0f62 7d839e66 6a147f18
> 598dd380 3d14b95a 6c4435f8 51f7d618 51e21823 9676dc35 eb24eda8 2b83a5a9
> 1801ded4 b753ed64 efcb57bf f21d6c53 8fd334b2 bc9e9a9e 51ad8bcc 83ed2cf0
> 833a5a96 636324d6 d3c53708 31bcf464 9781019d cc814be5 10c34a41 40082f81

If your log really ends here, and if your racoon seems to die, then
you found a racoon crash.

Now, it would be great if you could find the racoon.core and show us
at least the backtrace, to try to track down the problem.


This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
Ipsec-tools-users mailing list