[Ipsec-tools-devel] Racoon (different versions) crashes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi!

I'm new to this list. After using ipsec-tools for about 6 months
successfully, I now have a big problem. A few days ago I got a new
notebook. I copied the racoon configuration, setkey configuration
and the certificates to the new notebook. It has the same name and
IP as the old one. Then I compiled the ipsec-tools 0.5.2 for my
2.6.12 kernel.
When I tried to set up a tunnel over my WLAN to the server, racoon
on the server crashed (version 0.5rc2). Then I also compiled version
0.5.2 for the server (kernel 2.6.10). But this version also crashed.

I had a small problem compiling ipsec-tools on the server. I had to
modify the CPPFLAGS line in the makefile in src/setkey and
src/racoon. I changed -include ./src/include-glibc/glibc-bugs.h to
-include ../../src/include-glibc/glibc-bugs.h. Otherwise I got an
error that glibc-bugs.h could not be found. After that it compiled
without problems.

I couldn't find anything in the internet yet. I attached a mail with
a gdb trace of the crash and a log file of racoon on the server. And
here is my configuration:

server:
(AMD Duron 800, 512MB, Debian Woody)

ipsec.conf
  #!/usr/sbin/setkey -f

  flush;
  spdflush;

racoon.conf
  path certificate "/etc/ssl/certs";

  remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        initial_contact on;
        passive on;
        generate_policy on;
        verify_identifier on;
        verify_cert on;
        #lifetime time 60 min;

        certificate_type x509 "server.pem" \
             "server-key.pem";

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
  }

  sainfo anonymous {
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
  }

client:
(PentiumM 1800, 512MB, Debian testing)

ipsec.conf
  #!/usr/sbin/setkey -f

  flush;
  spdflush;

  spdadd 0.0.0.0/0 192.168.122.0/24 any -P in ipsec
        esp/tunnel/192.168.122.1-192.168.122.12/require;

  spdadd 192.168.122.0/24 0.0.0.0/0 any -P out ipsec
        esp/tunnel/192.168.122.12-192.168.122.1/require;

racoon.conf
  path certificate "/etc/ssl/certs";

  remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        initial_contact on;
        passive off;
        generate_policy on;
        verify_identifier on;

        certificate_type x509 "laptop.pem" \
            "laptop-key.pem"\;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
  }

  sainfo anonymous {
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
  }

I have no idea what is going wrong. This configuration worked very
well for a few months (ipsec-tools0.5rc2 and another notebook of
cource) and now it crashes and I have compile errors on the server
which I didn't have before (same ipsec-tools version).
Maybe you have an idea.

On my notebook is also Windows XP installed. There I can use IPsec
without problems.

Cheers,
Kay