[Ipsec-tools-users] racoon not rekeying ipsec tunnels

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have a single host running centos 4 connecting through racoon tunnel
to a checkpoint firewall.

=20

Several times a day the SA expires and does not re-key. =20

=20

ERROR: unknown Informational exchange received.

=20

I have to kill the racoon process and restart it to get the tunnel to
re-initialize. =20

Any ideas what is happening?   Here are my configs.  If you need more
detailed logs let me know, I'm running debug2

=20

=20

=20

cat /etc/racoon/setkey.conf

#!/sbin/setkey -f

#

flush;

spdflush;

=20

#local host A.A.A.A

#remote firewall B.B.B.B

#remote destination C.C.C.C

=20

spdadd A.A.A.A/32 C.C.C.C/32 any -P out ipsec

        esp/tunnel/A.A.A.A-B.B.B.B/require;

spdadd C.C.C.C/32 A.A.A.A/32 any -P in ipsec

        esp/tunnel/B.B.B.B-A.A.A.A/require;

=20

=20

this sets up a tunnel policy between the local host and the remote
firewall for the single destination C.C.C.C=20

=20

rc.local then calls /usr/sbin/racoon

=20

[root@credexhost mon]# cat /etc/racoon/racoon.conf

=20

# Racoon IKE daemon configuration file.

# See 'man racoon.conf' for a description of the format and entries.

=20

log debug2;

path include "/etc/racoon";

path pre_shared_key "/etc/racoon/psk.txt";

path certificate "/etc/racoon/certs";

=20

sainfo anonymous

{

        pfs_group 2;

        lifetime time 24 hour ;

        encryption_algorithm 3des ;

        authentication_algorithm hmac_md5 ;

        compression_algorithm deflate ;

}

=20

remote anonymous

{

 exchange_mode main;

 generate_policy on;

 lifetime time 1 hour; # sec,min,hour

 proposal_check claim; # obey, strict or claim

 proposal {

  encryption_algorithm 3des;

  hash_algorithm md5;

  authentication_method pre_shared_key;

  dh_group 2 ;

 }

}

=20

=20

=20

=20

=20