Racoon not identifying host specified in config file

2008-07-28 Thread Torbjørn

Hello, everyone ..

Some quick information about the software in use:
Jul 28 15:51:42 fw0 racoon: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
Jul 28 15:51:42 fw0 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)


I'm having a problem with my IPSec configuration.
On one side, everything works out pretty nice.
On the other side, racoon is making bad noises about not finding a 
correct configuration.


"ERROR: couldn't find configuration."

However, if I kill racoon, and run it in the foreground with debug 
output on, I get some more information.


2008-07-16 16:06:27: DEBUG: ===
2008-07-16 16:06:27: DEBUG: 100 bytes message received from 81.167.211.58[57413] to 85.200.211.69[500]

2008-07-16 16:06:27: DEBUG:
ba9d946f 3cf4cf90   01100200  0064 0d34
0001 0001 0028 01010001 0020 0101 800b0001 800c04b0
80010005 80030001 80020002 80040002 0014 afcad713 68a1f1c9 6b8696fc
77570100
2008-07-16 16:06:27: DEBUG: no remote configuration found.
2008-07-16 16:06:27: ERROR: couldn't find configuration.

The configuration is pretty straightforward.

# cat racoon.conf
path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

remote 81.167.211.58 {
    exchange_mode main;
    my_identifier address "85.200.211.69";

    peers_identifier address 81.167.211.58;
    initial_contact on;
    support_proxy on;
    proposal_check obey;

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 2400 secs;
    }
    lifetime time 2400 secs;
}

sainfo address 85.200.211.64/29 any address 192.168.100.0/24 any {
    encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
    authentication_algorithm hmac_sha1,hmac_md5;
    compression_algorithm deflate;
    lifetime time 1200 secs;
}

Here is the weird thing; if I change that remote stanza to read

remote anonymous {
blah;
}

then everything works out nice, racoon even tells me it uses the 
anonymous stanza for that correct IP.


2008-07-16 16:11:06: DEBUG: anonymous configuration selected for 81.167.211.58.


So, to me this seems really odd. How come racoon isn't picking up that 
stanza when configured for that specified IP?

Using the remote stanza is not what I really want ..

So, does anyone have any ideas on what is going on here?
Using tcpdump I can see that it is in fact 81.167.211.58 that is coming 
through to racoon, on port 500/UDP.


Thanks for a great product, by the way.

-- Torbjørn / Nextline
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Serious filesystem problem (FreeBSD 4.8)

2003-06-11 Thread Torbjørn Kristoffersen

Hi

We have a fileserver, an Adaptec 3410S RAID card and
a RAID 01 partition that we use for network storage. It's shared
with NFS and SMB.

A directory that's being shared to an SMB client, has lately
encountered many weird problems.

Suddenly files/directories turn into something similar to this:

# ls -l
drwxr-xr-x  20788 administrator  administrator  7440289925196497251 Sep 11  2004 brokendir

# rm -rf aa
rm: aa: Directory not empty
# ls -la brokendir
#

Some directories/files are broken like this:

# du -sh some_dir/
du: fts_read: No such file or directory
# cd some_dir/
some_dir# find .
./users
./users/12a
./users/12a/main.mbx
find: fts_read: No such file or directory


The worst thing is, more and more files and directories become corrupt,
albeit not very often.

What should we do? I have attached dmesg output in this mail.
We use Samba Version 2.2.6pre2.  


One thing definitely worth mentioning is: These problems began
occurring a week ago, when one of the disks in the RAID 01 setup
failed. We simply inserted a new disk, and had it rebuilt, the
Adaptec Storage Manager Pro reports healthy disks... And the
other directories in the RAID 01 partition are also working fine.

Anyone encountered something similar?

TIA

-Torbjorn

