From: Kay H. <kl...@ha...> - 2005-06-22 21:06:19
Hi!

I'm new to this list. After using ipsec-tools for about 6 months successfully, I now have a big problem.

A few days ago I got a new notebook. I copied the racoon configuration, setkey configuration and the certificates to the new notebook. It has the same name and IP as the old one. Then I compiled ipsec-tools 0.5.2 for my 2.6.12 kernel. When I tried to set up a tunnel over my WLAN to the server, racoon on the server crashed (version 0.5rc2). Then I also compiled version 0.5.2 for the server (kernel 2.6.10). But this version also crashed.

I had a small problem compiling ipsec-tools on the server. I had to modify the CPPFLAGS line in the makefile in src/setkey and src/racoon. I changed

    -include ./src/include-glibc/glibc-bugs.h

to

    -include ../../src/include-glibc/glibc-bugs.h

Otherwise I got an error that glibc-bugs.h could not be found. After that it compiled without problems.

I couldn't find anything on the internet yet. I attached a mail with a gdb trace of the crash and a log file of racoon on the server.
And here is my configuration:

server: (AMD Duron 800, 512MB, Debian Woody)

ipsec.conf

    #!/usr/sbin/setkey -f
    flush;
    spdflush;

racoon.conf

    path certificate "/etc/ssl/certs";

    remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        initial_contact on;
        passive on;
        generate_policy on;
        verify_identifier on;
        verify_cert on;
        #lifetime time 60 min;
        certificate_type x509 "server.pem" \
            "server-key.pem";
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method rsasig;
            dh_group 2;
        }
    }

    sainfo anonymous {
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
    }

client: (PentiumM 1800, 512MB, Debian testing)

ipsec.conf

    #!/usr/sbin/setkey -f
    flush;
    spdflush;
    spdadd 0.0.0.0/0 192.168.122.0/24 any -P in ipsec
        esp/tunnel/192.168.122.1-192.168.122.12/require;
    spdadd 192.168.122.0/24 0.0.0.0/0 any -P out ipsec
        esp/tunnel/192.168.122.12-192.168.122.1/require;

racoon.conf

    path certificate "/etc/ssl/certs";

    remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        initial_contact on;
        passive off;
        generate_policy on;
        verify_identifier on;
        certificate_type x509 "laptop.pem" \
            "laptop-key.pem"\;
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method rsasig;
            dh_group 2;
        }
    }

    sainfo anonymous {
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
    }

I have no idea what is going wrong. This configuration worked very well for a few months (ipsec-tools 0.5rc2 and another notebook, of course) and now it crashes, and I have compile errors on the server which I didn't have before (same ipsec-tools version).

Maybe you have an idea. Windows XP is also installed on my notebook. There I can use IPsec without problems.

Cheers,
Kay