From: Priyaranjan N. <pri...@gm...> - 2015-05-22 09:03:55
Hi Mick,
Thanks for your valuable response. Now I am not getting any response from
the ping command, but I am seeing some packets exchanged between
192.168.1.118 and 192.168.1.116 in ethereal, and the snapshot is mentioned
below.
[image: Inline image 1]
Syslog output:
May 22 14:17:34 priya racoon: DEBUG2: getph1: start
May 22 14:17:34 priya racoon: DEBUG2: local: 192.168.1.118[0]
May 22 14:17:34 priya racoon: DEBUG2: remote: 192.168.1.116[0]
May 22 14:17:34 priya racoon: DEBUG2: p->local: 192.168.1.118[500]
May 22 14:17:34 priya racoon: DEBUG2: p->remote: 192.168.1.116[500]
May 22 14:17:34 priya racoon: DEBUG2: matched
May 22 14:17:34 priya racoon: DEBUG2: CHKPH1THERE: no established ph1
handler found
May 22 14:17:35 priya racoon: DEBUG: 268 bytes from 192.168.1.118[500] to
192.168.1.116[500]
May 22 14:17:35 priya racoon: DEBUG: sockname 192.168.1.118[500]
May 22 14:17:35 priya racoon: DEBUG: send packet from 192.168.1.118[500]
May 22 14:17:35 priya racoon: DEBUG: send packet to 192.168.1.116[500]
May 22 14:17:35 priya racoon: DEBUG: src4 192.168.1.118[500]
May 22 14:17:35 priya racoon: DEBUG: dst4 192.168.1.116[500]
May 22 14:17:35 priya racoon: DEBUG: 1 times of 268 bytes message will be
sent to 192.168.1.116[500]
May 22 14:17:35 priya racoon: DEBUG: resend phase1 packet
00a58090d4463272:0000000000000000
May 22 14:17:35 priya racoon: DEBUG: ===
May 22 14:17:35 priya racoon: DEBUG: 40 bytes message received from
192.168.1.116[500] to 192.168.1.118[500]
May 22 14:17:35 priya racoon: DEBUG: #01200a58090 d4463272 ed18009a
a8aa2a86 0b100500 572324c9 00000028 0000000c#01200000001 0100000e
May 22 14:17:35 priya racoon: DEBUG: receive Information.
May 22 14:17:35 priya racoon: DEBUG: begin.
May 22 14:17:35 priya racoon: DEBUG: seen nptype=11(notify)
May 22 14:17:35 priya racoon: DEBUG: succeed.
May 22 14:17:35 priya racoon: [192.168.1.116] ERROR: notification
NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
May 22 14:17:35 priya racoon: DEBUG2: getph1: start
May 22 14:17:35 priya racoon: DEBUG2: local: 192.168.1.118[0]
May 22 14:17:35 priya racoon: DEBUG2: remote: 192.168.1.116[0]
May 22 14:17:35 priya racoon: DEBUG2: p->local: 192.168.1.118[500]
May 22 14:17:35 priya racoon: DEBUG2: p->remote: 192.168.1.116[500]
May 22 14:17:35 priya racoon: DEBUG2: matched
May 22 14:17:35 priya racoon: DEBUG2: CHKPH1THERE: no established ph1
handler found
May 22 14:17:36 priya racoon: [192.168.1.116] ERROR: phase2 negotiation
failed due to time up waiting for phase1. ESP
192.168.1.116[0]->192.168.1.118[0]
May 22 14:17:36 priya racoon: INFO: delete phase 2 handler.
May 22 14:17:37 priya racoon: DEBUG: pk_recv: retry[0] recv()
May 22 14:17:37 priya racoon: DEBUG: got pfkey EXPIRE message
May 22 14:17:37 priya racoon: INFO: IPsec-SA expired: ESP/Transport
192.168.1.118[500]->192.168.1.116[500]
May 22 14:17:37 priya racoon: DEBUG: no such a SA found: ESP/Transport
192.168.1.118[500]->192.168.1.116[500]
May 22 14:17:45 priya racoon: DEBUG: 268 bytes from 192.168.1.118[500] to
192.168.1.116[500]
May 22 14:17:45 priya racoon: DEBUG: sockname 192.168.1.118[500]
May 22 14:17:45 priya racoon: DEBUG: send packet from 192.168.1.118[500]
May 22 14:17:45 priya racoon: DEBUG: send packet to 192.168.1.116[500]
May 22 14:17:45 priya racoon: DEBUG: src4 192.168.1.118[500]
May 22 14:17:45 priya racoon: DEBUG: dst4 192.168.1.116[500]
May 22 14:17:45 priya racoon: DEBUG: 1 times of 268 bytes message will be
sent to 192.168.1.116[500]
May 22 14:17:45 priya racoon: DEBUG: resend phase1 packet
00a58090d4463272:0000000000000000
May 22 14:17:45 priya racoon: DEBUG: ===
May 22 14:17:45 priya racoon: DEBUG: 40 bytes message received from
192.168.1.116[500] to 192.168.1.118[500]
May 22 14:17:45 priya racoon: DEBUG: #01200a58090 d4463272 e999a045
a500d858 0b100500 7b07c385 00000028 0000000c#01200000001 0100000e
May 22 14:17:45 priya racoon: DEBUG: receive Information.
May 22 14:17:45 priya racoon: DEBUG: begin.
May 22 14:17:45 priya racoon: DEBUG: seen nptype=11(notify)
May 22 14:17:45 priya racoon: DEBUG: succeed.
May 22 14:17:45 priya racoon: [192.168.1.116] ERROR: notification
NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
May 22 14:17:55 priya racoon: ERROR: phase1 negotiation failed due to time
up. 00a58090d4463272:0000000000000000
Could you please find out where I went wrong? Please suggest what I
should do to establish the connection between the two machines using racoon.
On Fri, May 22, 2015 at 3:48 AM, Mick <mic...@gm...> wrote:
> Hi Priyaranjan,
>
> On Thursday 21 May 2015 14:56:04 Priyaranjan Nayak wrote:
> > Hi All,
> >
> > I have installed racoon on 14.04 LTS OS and configured it like below,
> > and I am getting an ERROR message.
> > My configuration looks like below:
> >
> > log debug2;
> > path pre_shared_key "/etc/racoon/psk.txt";
> > path certificate "/etc/racoon/certs";
> >
> > remote anonymous
> > {
> > exchange_mode aggressive ;
> > my_identifier user_fqdn "www.netcloudsystems.com" ;
> > lifetime time 24 hour ;
> > proposal {
> > encryption_algorithm 3des;
> > hash_algorithm sha1;
> > authentication_method pre_shared_key ;
> > dh_group 2 ;
> > }
> > }
> >
> > sainfo anonymous
> > {
> > pfs_group 2;
> > lifetime time 12 hour ;
> > lifetime byte 50 MB ;
>
> Remove the above line, it is no longer used (deprecated).
>
> > encryption_algorithm 3des, blowfish, des, rijndael ;
> > authentication_algorithm sha1, hmac_md5 ;
> > compression_algorithm deflate ;
> > }
> >
> > Once I start the racoon, I am getting below output in /var/log/syslog
> >
> > May 21 19:13:31 priya racoon: INFO: @(#)ipsec-tools 0.8.0 (
> > http://ipsec-tools.sourceforge.net)
> > May 21 19:13:31 priya racoon: INFO: @(#)This product linked OpenSSL 1.0.1f
> > 6 Jan 2014 (http://www.openssl.org/)
> > May 21 19:13:31 priya racoon: INFO: Reading configuration from
> > "/etc/racoon/racoon.conf"
> > May 21 19:13:31 priya racoon: DEBUG2: lifetime = 86400
> > May 21 19:13:31 priya racoon: DEBUG2: lifebyte = 0
> > May 21 19:13:31 priya racoon: DEBUG2: encklen=0
> > May 21 19:13:31 priya racoon: DEBUG2: p:1 t:1
> > May 21 19:13:31 priya racoon: DEBUG2: 3DES-CBC(5)
> > May 21 19:13:31 priya racoon: DEBUG2: SHA(2)
> > May 21 19:13:31 priya racoon: DEBUG2: 1024-bit MODP group(2)
> > May 21 19:13:31 priya racoon: DEBUG2: pre-shared key(1)
> > May 21 19:13:31 priya racoon: DEBUG2:
> > May 21 19:13:31 priya racoon: DEBUG: hmac(modp1024)
> > May 21 19:13:31 priya racoon: ERROR: /etc/racoon/racoon.conf:61: "MB" byte
> > lifetime support is deprecated
>
> This log entry is telling you that line 61 of the configuration is using an
> old setting, which is no longer valid. Remove it and this error should go
> away.
>
> > May 21 19:13:31 priya racoon: ERROR: fatal parse failure (1 errors)
> >
> >
> > 1. Do we have any process to check the /etc/racoon/racoon.conf file before
> > starting the racoon?
>
> Not as far as I know. Increase the verbosity of the log and it usually
> tells you what is wrong.
>
> > 2. If anyone is aware of this ERROR, please explain it.
>
> The man page (man 5 racoon.conf) explains in the sainfo section, that only
> this directive is currently in use:
>
> lifetime time number timeunit;
>
> --
> Regards,
> Mick
>
--
Thanks
Priyaranjan
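
Added example (not part of the original message and not ipsec-tools code): a Python decoder for the 40-byte reply from 192.168.1.116 in the syslog output above. It undoes syslog's #012 newline escaping, then parses the ISAKMP header and Notification payload per RFC 2408; the function names and the abbreviated lookup tables are assumptions of this example.

```python
import struct

# The 40-byte reply from 192.168.1.116 as logged above, rejoined onto one line.
LOGGED = ("May 22 14:17:35 priya racoon: DEBUG: #01200a58090 d4463272 ed18009a "
          "a8aa2a86 0b100500 572324c9 00000028 0000000c#01200000001 0100000e")

# Value tables from RFC 2407/2408/2409 (subsets, chosen for this example).
EXCHANGE = {2: "Main", 4: "Aggressive", 5: "Informational", 32: "Quick"}
PROTOCOL = {1: "ISAKMP", 2: "AH", 3: "ESP"}
NOTIFY = {14: "NO-PROPOSAL-CHOSEN", 15: "BAD-PROPOSAL-SYNTAX",
          18: "INVALID-ID-INFORMATION", 24: "AUTHENTICATION-FAILED"}
NP_NOTIFY = 11          # "next payload" value for a Notification payload
FLAG_ENCRYPTED = 0x01   # header flag: the body after the header is encrypted


def dump_to_bytes(line):
    """Turn one racoon hex-dump syslog line into raw packet bytes."""
    _, found, dump = line.partition("racoon: DEBUG: ")
    if not found:
        raise ValueError("not a racoon DEBUG line")
    # syslog escapes the newlines inside racoon's dump as '#012' (octal LF).
    return bytes.fromhex("".join(dump.replace("#012", " ").split()))


def decode_notify(pkt):
    """Decode the ISAKMP header and, if sent in clear, the first Notification."""
    if len(pkt) < 28:
        raise ValueError("shorter than an ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, length = struct.unpack(
        ">8s8sBBBBII", pkt[:28])
    if length != len(pkt):
        raise ValueError("header says %d bytes, dump has %d" % (length, len(pkt)))
    out = {"cookies": icookie.hex() + ":" + rcookie.hex(),
           "version": "%d.%d" % (ver >> 4, ver & 0x0F),
           "exchange": EXCHANGE.get(xchg, str(xchg)),
           "encrypted": bool(flags & FLAG_ENCRYPTED)}
    if out["encrypted"] or np != NP_NOTIFY or len(pkt) < 40:
        return out  # body is encrypted or does not start with a notification
    _, plen, doi, proto, spi_size, ntype = struct.unpack(">BxHIBBH", pkt[28:40])
    if plen < 12 + spi_size or 28 + plen > len(pkt):
        raise ValueError("malformed notification payload")
    out.update(doi=doi, protocol=PROTOCOL.get(proto, str(proto)),
               spi_size=spi_size, notify=NOTIFY.get(ntype, str(ntype)))
    return out


if __name__ == "__main__":
    for key, value in decode_notify(dump_to_bytes(LOGGED)).items():
        print("%-10s %s" % (key, value))
```

For this packet the result is an unencrypted Informational exchange carrying NO-PROPOSAL-CHOSEN with Protocol-ID ISAKMP, so the notification concerns the phase 1 (ISAKMP SA) proposal rather than the ESP one.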