hello! I've spent the last couple of days figuring out, why I couldn't establish a host2host ipsec connection (i.e. transport-mode) betweeen a freeswan endpoint, and a racoon/linux-2.6 endpoint; as freeswan seemed to drop packets;
with klips_debug enabled, I got the follwing in the logs: kernel: klips_debug:ipsec_rcv: encalg = 3, authalg = 3. kernel: klips_debug:ipsec_rcv: auth failed on incoming packet from 10.51.1.42: hash=3c616dc13452a42dd9f86a5d auth=2980459fe26f1d15c31cb6c8, dropped i.e. ESP auth with hmac_sha1 failed for some reason; well, after hours of trying around, I finally found out, that using hmac_md5 solved the problem, now ESP auth works: kernel: klips_debug:ipsec_rcv: encalg = 3, authalg = 2. kernel: klips_debug:ipsec_rcv: authentication successful. I don't know, whether this is a bug on the freeswan side, or on the racoon/linux-2.6 side; I just wanted to let you know, how to workaround, since I saw several people having a similiar problem, but with now solution posted to their issue; There's also another interop issue: for some reason I can't get IPcomp to work; still working on this -- any hints maybe? hope this bit of information is helpful to anybody... -- Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: [EMAIL PROTECTED] / Finger [EMAIL PROTECTED] for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142
