Debian Racoon Error Failed To Get Sainfo
get sainfo" From: Marc Haber
Id_prot Request With Message Id 0 Processing Failed
I didn't include the empty dump. Can anybody tell me what I am doing wrong? If more information is needed, I'll happily deliver it. Thanks for helping!

Greetings
Marc

racoon.conf:

path include "/etc/racoon" ;
path pre_shared_key "/etc/racoon/psk.txt" ;
path certificate "/etc/ipsec.d" ;

padding {
    maximum_length 20;  # maximum padding length.
    randomize off;      # enable randomize length.
    strict_check off;   # enable strict check.
    exclusive_tail off; # extract last one octet.
}

listen {
    isakmp 10.47.14.16[500];
}

timer {
    counter 5;          # maximum trying count to send.
    interval 20 sec;    # maximum interval to resend.
    persend 1;          # the number of packets per a send.
    phase1 30 sec;
    phase2 15 sec;
}

remote 10.47.14.14 {
    exchange_mode main,aggressive;
    doi ipsec_doi;
    situation identity_only;
    certificate_type x509 "certs/kamikazeCert.pem" "private/kamikazeKey.pem"
    verify_cert on;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    peers_certfile "certs/zombieCert.pem";
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}

sainfo address 10.47.14.14 any address 10.47.14.16 any {
Invalid Id_v1 Payload Length, Decryption Failed?
http://www.kame.net/racoon/racoon-ml/msg00294.html

PFsense IPSec VPN failing phase 2
http://serverfault.com/questions/648449/pfsense-ipsec-vpn-failing-phase-2

I am very new to VPNs and I am getting errors. I have posted the following lines that I think are the most relevant:

Dec 2 08:41:03 racoon: DEBUG: IV freed
Dec 2 08:41:03 racoon: [EUA]: [79.121.213.141] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: ERROR: failed to get sainfo.
Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.10.0/24'
Dec 2 08:41:03 racoon: DEBUG: cmpid target: '79.121.213.141/32'
Dec 2 08:41:03 racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Dec 2 08:41:03 racoon: DEBUG: cmpid source: '192.168.0.0/24'
Dec 2 08:41:03 racoon: DEBUG: cmpid target: '192.168.0.0/24'
Dec 2 08:41:03 racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
Dec 2 08:41:03 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='192.168.10.0/24', peer='ANY', id=1
Dec 2 08:41:03 racoon: DEBUG: getsainfo params: loc='192.168.0.0/24' rmt='79.121.213.141/32' peer='79.121.213.141' client='79.121.213.141' id=1
Dec 2 08:41:03 racoon: DEBUG: 304ccaa9 0176e9fb 71aa4c00 c864b944 24677b49
Dec 2 08:41:03 racoon: DEBUG: HASH computed:
Dec 2 08:41:03 racoon: DEBUG: hmac(hmac_sha1)

Can anyone tell me where this is going wrong?
I don't think cmpid source and cmpid target should be the same?

asked Dec 2 '14 at 8:44 imperium2335
[solved] Connecting debian and windows via IPsec VPN + Racoon
http://forums.debian.net/viewtopic.php?p=444239
https://sourceforge.net/p/ipsec-tools/bugs/84/

by michi_20inch » 2012-07-19 19:45

Hello together,

I've some trouble with the IPsec configuration on my debian server (6 squeeze). This server should connect via IPsec VPN to a windows server, which is protected by a firewall.

I've used racoon and ipsec-tools and this tutorial: http://wiki.debian.org/IPsec. However, I am not quite sure if this tutorial fits my purpose, because of some differences:

- my Host and my gateway are the same server. So I don't have two different ip addresses. I guess that's not a problem
- the other server is a windows system behind a firewall. Hopefully, not a problem
- the subnet of the windows system is /32 not /24. So I changed it to /32.

I worked through the tutorial step by step, but I wasn't able to route the ip. The following command didn't work for me:

    ip route add to 172.16.128.100/32 via XXX.XXX.XXX.XXX src XXX.XXX.XXX.XXX

So I tried the following instead:

    ip route add to 172.16.128.100

..., which obviously did not solve the problem.

The next problem is the compression. The windows doesn't use a compression, but 'compression_algorithm none;' doesn't work with my racoon. So the current value is 'compression_algorithm deflate;'

So my current result looks like this: When I am trying to ping the windows host (ping 172.16.128.100), I receive the following error message from ping:

    ping: sendmsg: Operation not permitted

And racoon logs:

    racoon: ERROR: failed to get sainfo.

After googling for a while I came to no conclusion what the solution is. Does this error message mean that the first phase of IPsec works? I am thankful for any advice. I guess my configs might be helpful. My racoon.conf looks like this:

    path pre_shared_key
#84 ipsec-tools 0.8.0 racoon segfaults after losing connectivity

Status: open
Owner: nobody
Labels: None
Priority: 7
Updated: 2014-08-27
Created: 2013-02-08
Creator: Todd Blum
Private: No

I just had two racoon core dumps, two nights in a row. They both seem to coincide with ISP outages, the first night on my side, and the second night an ISP outage that affected at least five remote routers. racoon magically restarted itself twice on the first night, and not at all on the second.

I was using pfSense 2.0.1 (since upgraded to 2.0.2), both of which run on FreeBSD 8.1 and use:

Feb 5 00:13:33 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
Feb 5 00:13:33 racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)

---

Log excerpts are:

Feb 5 00:09:36 192.168.116.250 racoon: [173.z.z.z] INFO: DPD: remote (ISAKMP-SA spi=2384af4f0ce1ea9c:98e4230c19058a5c) seems to be dead.
Feb 5 00:09:36 192.168.116.250 racoon: INFO: purging ISAKMP-SA spi=2384af4f0ce1ea9c:98e4230c19058a5c.
Feb 5 00:09:36 192.168.116.250 racoon: INFO: purged IPsec-SA spi=194715026.
Feb 5 00:09:36 192.168.116.250 racoon: INFO: purged IPsec-SA spi=66256580.
Feb 5 00:09:36 192.168.116.250 racoon: INFO: purged ISAKMP-SA spi=2384af4f0ce1ea9c:98e4230c19058a5c.
Feb 5 00:09:36 192.168.116.250 racoon: INFO: ISAKMP-SA deleted 204.x.x.x[500]-173.z.z.z[500] spi:2384af4f0ce1ea9c:98e4230c19058a5c
Feb 5 00:09:36 192.168.116.250 racoon: INFO: IPsec-SA request for 173.z.z.z queued due to no phase1 found.
Feb 5 00:09:36 192.168.116.250 racoon: INFO: initiate new phase 1 negotiation: 204.x.x