From: michel nsimba matondo <nsimba_matondo@ya...> - 2010-06-29 02:06:49
I am a new user of IPsec-tools, particularly racoon. I am also a student at the University of Namur in Belgium. I am running a laboratory to emulate the functionalities of the HIP (Host Identity Protocol) protocol. I am using the program NetKit for the emulation. I make two peers communicate, pc1.info.edu and pc4.drh.com.
At the peer pc1.info.edu, when I use racoon and DNSsec to get the CERT RR of the FQDN (here "pc4.drh.com"), I get the following message in racoon.log:
here a base 64 encoding text
ERROR:oakley.c:1394:oakley_validate_auth(): No CERT RR found.
I really need your help because when I dump the packets arriving at pc1.info.edu with tcpdump, I see that the CERT RR was transmitted to the name server of pc1.info.edu, but racoon says that the CERT RR was not found. When I use "dig pc4.drh.com CERT +dnssec", I easily get the CERT RR.
Can someone help me to fix this problem, using racoon with DNSsec and CERT RR?
Thanks a lot for your help.