Package: racoon
Version: 1:0.6.7-1
Severity: normal

racoon 0.6.7-1 in testing and 0.6.6 in etch seem to have a bug for handling out phase II. The original racoon package from sf in version 0.6.6/0.6.7 works fine with the following config; the Debian version complains about failing to get the sainfo.

shortcut from racoon.conf:
remote 172.16.128.21 {
        exchange_mode main;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
sainfo address 172.16.128.31 any address 172.16.128.21 any {
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate ;
}

from ipsec.conf:
flush;
spdflush;

spdadd 172.16.128.31 172.16.128.21 any -P out ipsec
        esp/transport//require;
spdadd 172.16.128.21 172.16.128.31 any -P in ipsec
        esp/transport//require;

Now after the ISAKMP-SA is established, the Debian version went on like this:

2007-08-26 23:35:19: INFO: ISAKMP-SA established 172.16.128.31 [500]-172.16.128.21[500] spi:7cc1b306fd24cd02:7d868e936f5019db
2007-08-26 23:35:19: DEBUG: ===
2007-08-26 23:35:20: DEBUG: ===
2007-08-26 23:35:20: DEBUG: 124 bytes message received from 172.16.128.21[500] to 172.16.128.31[500]
2007-08-26 23:35:20: DEBUG:
7cc1b306 fd24cd02 7d868e93 6f5019db 08102001 f0ecac9b 0000007c 3c7c74e3
e43dba89 fab316d7 c4e01a80 cf0cf486 27bba696 7d103713 0a3f8c13 eda5986d
bdb63997 94b40b4d a685f322 1ad5fe69 a138ed92 2fcee7d3 43a2b9d4 be72a902
4e00de0b 4cc856cf 84a5c88f 6422d989 19d3f0cb 5394801a 2f9bd2af
2007-08-26 23:35:20: DEBUG: compute IV for phase2
2007-08-26 23:35:20: DEBUG: phase1 last IV:
2007-08-26 23:35:20: DEBUG:
b566ac89 dc920136 f0ecac9b
2007-08-26 23:35:20: DEBUG: hash(md5)
2007-08-26 23:35:20: DEBUG: encryption(3des)
2007-08-26 23:35:20: DEBUG: phase2 IV computed:
2007-08-26 23:35:20: DEBUG:
ba7ed423 15aa2b3a
2007-08-26 23:35:20: DEBUG: ===
2007-08-26 23:35:20: INFO: respond new phase 2 negotiation: 172.16.128.31[500]<=>172.16.128.21[500]
2007-08-26 23:35:20: DEBUG: begin decryption.
2007-08-26 23:35:20: DEBUG: encryption(3des)
2007-08-26 23:35:20: DEBUG: IV was saved for next processing:
2007-08-26 23:35:20: DEBUG:
5394801a 2f9bd2af
2007-08-26 23:35:20: DEBUG: encryption(3des)
2007-08-26 23:35:20: DEBUG: with key:
2007-08-26 23:35:20: DEBUG:
789536c6 2387c93a f8a4d5b7 2734be98 1678c6c9 2ce8a0c3
2007-08-26 23:35:20: DEBUG: decrypted payload by IV:
2007-08-26 23:35:20: DEBUG:
ba7ed423 15aa2b3a
2007-08-26 23:35:20: DEBUG: decrypted payload, but not trimed.
2007-08-26 23:35:20: DEBUG:
01000014 b05512cf 0e398c04 d1e6ad28 945d88e7 0a000030 00000001 00000001
00000024 01030401 029dafda 00000018 01030000 80010001 80027080 80040002
80050001 00000014 d77d53c7 c48378f9 19a47033 55e4d8be 00000000 00000008
2007-08-26 23:35:20: DEBUG: padding len=8
2007-08-26 23:35:20: DEBUG: skip to trim padding.
2007-08-26 23:35:20: DEBUG: decrypted.
2007-08-26 23:35:20: DEBUG:
7cc1b306 fd24cd02 7d868e93 6f5019db 08102001 f0ecac9b 0000007c 01000014
b05512cf 0e398c04 d1e6ad28 945d88e7 0a000030 00000001 00000001 00000024
01030401 029dafda 00000018 01030000 80010001 80027080 80040002 80050001
00000014 d77d53c7 c48378f9 19a47033 55e4d8be 00000000 00000008
2007-08-26 23:35:20: DEBUG: begin.
2007-08-26 23:35:20: DEBUG: seen nptype=8(hash)
2007-08-26 23:35:20: DEBUG: seen nptype=1(sa)
2007-08-26 23:35:20: DEBUG: seen nptype=10(nonce)
2007-08-26 23:35:20: DEBUG: succeed.
2007-08-26 23:35:20: DEBUG: HASH(1) validate:
2007-08-26 23:35:20: DEBUG:
b05512cf 0e398c04 d1e6ad28 945d88e7
2007-08-26 23:35:20: DEBUG: HASH with:
2007-08-26 23:35:20: DEBUG:
f0ecac9b 0a000030 00000001 00000001 00000024 01030401 029dafda 00000018
01030000 80010001 80027080 80040002 80050001 00000014 d77d53c7 c48378f9
19a47033 55e4d8be
2007-08-26 23:35:20: DEBUG: hmac(hmac_md5)
2007-08-26 23:35:20: DEBUG: HASH computed:
2007-08-26 23:35:20: DEBUG:
b05512cf 0e398c04 d1e6ad28 945d88e7
2007-08-26 23:35:20: ERROR: failed to get sainfo.
2007-08-26 23:35:20: ERROR: failed to get sainfo.
2007-08-26 23:35:20: ERROR: failed to pre-process packet

while the original version goes on and sets up the ipsec-transport (output truncated):

2007-08-26 23:34:18: DEBUG: ===
2007-08-26 23:34:18: DEBUG: ===
2007-08-26 23:34:18: DEBUG: 84 bytes message received from 172.16.128.21[500] to 172.16.128.31[500]
2007-08-26 23:34:18: DEBUG:
893dc5b9 de0d38fa b13b3e90 df6c9faa 08100501 c19a3627 00000054 c9c9af23
9143afa4 f4bce8ee ce090999 34641a5f c9096d46 7ab369ba ead4ccab f41adeb4
59a0365a c56c839a 349df162 3ab06c32 439baa88
2007-08-26 23:34:18: DEBUG: receive Information.
2007-08-26 23:34:18: DEBUG: compute IV for phase2
2007-08-26 23:34:18: DEBUG: phase1 last IV:
2007-08-26 23:34:18: DEBUG:
ae8c986e 4aadb77f c19a3627
2007-08-26 23:34:18: DEBUG: hash(md5)
2007-08-26 23:34:18: DEBUG: encryption(3des)
2007-08-26 23:34:18: DEBUG: phase2 IV computed:
2007-08-26 23:34:18: DEBUG:
5e1864e8 9ff972c0
2007-08-26 23:34:18: DEBUG: begin decryption.
2007-08-26 23:34:18: DEBUG: encryption(3des)
2007-08-26 23:34:18: DEBUG: IV was saved for next processing:
2007-08-26 23:34:18: DEBUG:
3ab06c32 439baa88
2007-08-26 23:34:18: DEBUG: encryption(3des)
2007-08-26 23:34:18: DEBUG: with key:
2007-08-26 23:34:18: DEBUG:
6a93b985 9ba41828 483d52ac 49c76888 29d69fc0 4af2d293
2007-08-26 23:34:18: DEBUG: decrypted payload by IV:
2007-08-26 23:34:18: DEBUG:
5e1864e8 9ff972c0
2007-08-26 23:34:18: DEBUG: decrypted payload, but not trimed.
2007-08-26 23:34:18: DEBUG:
0b000014 a7e11868 73de6136 c52176b0 31dca94c 0000001c 00000001 01106002
893dc5b9 de0d38fa b13b3e90 df6c9faa 00000000 00000008
2007-08-26 23:34:18: DEBUG: padding len=8
2007-08-26 23:34:18: DEBUG: skip to trim padding.
2007-08-26 23:34:18: DEBUG: decrypted.
2007-08-26 23:34:18: DEBUG:
893dc5b9 de0d38fa b13b3e90 df6c9faa 08100501 c19a3627 00000054 0b000014
a7e11868 73de6136 c52176b0 31dca94c 0000001c 00000001 01106002 893dc5b9
de0d38fa b13b3e90 df6c9faa 00000000 00000008
2007-08-26 23:34:18: DEBUG: HASH with:
2007-08-26 23:34:18: DEBUG:
c19a3627 0000001c 00000001 01106002 893dc5b9 de0d38fa b13b3e90 df6c9faa
2007-08-26 23:34:18: DEBUG: hmac(hmac_md5)
2007-08-26 23:34:18: DEBUG: HASH computed:
2007-08-26 23:34:18: DEBUG:
a7e11868 73de6136 c52176b0 31dca94c
2007-08-26 23:34:18: DEBUG: hash validated.
2007-08-26 23:34:18: DEBUG: begin.
2007-08-26 23:34:18: DEBUG: seen nptype=8(hash)
2007-08-26 23:34:18: DEBUG: seen nptype=11(notify)
2007-08-26 23:34:18: DEBUG: succeed.
2007-08-26 23:34:18: DEBUG: call pfkey_send_dump
2007-08-26 23:34:18: DEBUG: notification message 24578:INITIAL-CONTACT, doi=1 proto_id=1 spi=893dc5b9de0d38fa b13b3e90df6c9faa (size=16).
2007-08-26 23:34:19: DEBUG: ===
2007-08-26 23:34:19: DEBUG: 124 bytes message received from 172.16.128.21[500] to 172.16.128.31[500]
2007-08-26 23:34:19: DEBUG:
893dc5b9 de0d38fa b13b3e90 df6c9faa 08102001 3aecdcde 0000007c 825afbd7
b5411b4b 3219d715 8ca39e7b 4f3fe4bd 946df4ab 64024af5 51908966 c1221570
cf9e697f e9c9c698 07ae88eb 184123ce aebb9dc9 bc9a3629 2807b5fd a24f8df8
ef05af95 9cf852da 2f88555b d2609b5d 991397d0 54089018 7fb97264
2007-08-26 23:34:19: DEBUG: compute IV for phase2
2007-08-26 23:34:19: DEBUG: phase1 last IV:
2007-08-26 23:34:19: DEBUG:
ae8c986e 4aadb77f 3aecdcde
2007-08-26 23:34:19: DEBUG: hash(md5)
2007-08-26 23:34:19: DEBUG: encryption(3des)
2007-08-26 23:34:19: DEBUG: phase2 IV computed:
2007-08-26 23:34:19: DEBUG:
51ce0e11 d9a15dab
2007-08-26 23:34:19: DEBUG: ===
2007-08-26 23:34:19: INFO: respond new phase 2 negotiation: 172.16.128.31[0]<=>172.16.128.21[0]
2007-08-26 23:34:19: DEBUG: begin decryption.
2007-08-26 23:34:19: DEBUG: encryption(3des)
2007-08-26 23:34:19: DEBUG: IV was saved for next processing:
2007-08-26 23:34:19: DEBUG:
54089018 7fb97264
2007-08-26 23:34:19: DEBUG: encryption(3des)
2007-08-26 23:34:19: DEBUG: with key:
2007-08-26 23:34:19: DEBUG:
6a93b985 9ba41828 483d52ac 49c76888 29d69fc0 4af2d293
2007-08-26 23:34:19: DEBUG: decrypted payload by IV:
2007-08-26 23:34:19: DEBUG:
51ce0e11 d9a15dab
2007-08-26 23:34:19: DEBUG: decrypted payload, but not trimed.
2007-08-26 23:34:19: DEBUG:
01000014 17e68cb6 ff8a666e bad84c87 88e67b22 0a000030 00000001 00000001
00000024 01030401 004e1853 00000018 01030000 80010001 80027080 80040002
80050001 00000014 a6c9e691 26935792 99fb07eb e2b9377a 00000000 00000008
2007-08-26 23:34:19: DEBUG: padding len=8
2007-08-26 23:34:19: DEBUG: skip to trim padding.
2007-08-26 23:34:19: DEBUG: decrypted.
2007-08-26 23:34:19: DEBUG:
893dc5b9 de0d38fa b13b3e90 df6c9faa 08102001 3aecdcde 0000007c 01000014
17e68cb6 ff8a666e bad84c87 88e67b22 0a000030 00000001 00000001 00000024
01030401 004e1853 00000018 01030000 80010001 80027080 80040002 80050001
00000014 a6c9e691 26935792 99fb07eb e2b9377a 00000000 00000008
2007-08-26 23:34:19: DEBUG: begin.
2007-08-26 23:34:19: DEBUG: seen nptype=8(hash)
2007-08-26 23:34:19: DEBUG: seen nptype=1(sa)
2007-08-26 23:34:19: DEBUG: seen nptype=10(nonce)
2007-08-26 23:34:19: DEBUG: succeed.
2007-08-26 23:34:19: DEBUG: HASH(1) validate:
2007-08-26 23:34:19: DEBUG:
17e68cb6 ff8a666e bad84c87 88e67b22
2007-08-26 23:34:19: DEBUG: HASH with:
2007-08-26 23:34:19: DEBUG:
3aecdcde 0a000030 00000001 00000001 00000024 01030401 004e1853 00000018
01030000 80010001 80027080 80040002 80050001 00000014 a6c9e691 26935792
99fb07eb e2b9377a
2007-08-26 23:34:19: DEBUG: hmac(hmac_md5)
2007-08-26 23:34:19: DEBUG: HASH computed:
2007-08-26 23:34:19: DEBUG:
17e68cb6 ff8a666e bad84c87 88e67b22
2007-08-26 23:34:19: DEBUG: get sa info:
2007-08-26 23:34:19: DEBUG: get a destination address of SP index from phase1 address due to no ID payloads found OR because ID type is not address.
2007-08-26 23:34:19: DEBUG: get a source address of SP index from phase1 address due to no ID payloads found OR because ID type is not address.
2007-08-26 23:34:19: DEBUG: get a src address from ID payload 172.16.128.21[0] prefixlen=32 ul_proto=0
2007-08-26 23:34:19: DEBUG: get dst address from ID payload 172.16.128.31[0] prefixlen=32 ul_proto=0
2007-08-26 23:34:19: DEBUG: sub:0xbf9278c0: 172.16.128.21/32[0] 172.16.128.31/32[0] proto=any dir=in
2007-08-26 23:34:19: DEBUG: db: 0x80b1fb8: 172.16.128.21/32[0] 172.16.128.31/32[0] proto=any dir=in
2007-08-26 23:34:19: DEBUG: 0xbf9278c0 masked with /32: 172.16.128.21[0]
2007-08-26 23:34:19: DEBUG: 0x80b1fb8 masked with /32: 172.16.128.21[0]
2007-08-26 23:34:19: DEBUG: 0xbf9278c0 masked with /32: 172.16.128.31[0]
2007-08-26 23:34:19: DEBUG: 0x80b1fb8 masked with /32: 172.16.128.31[0]
2007-08-26 23:34:19: DEBUG: sub:0xbf9278c0: 172.16.128.31/32[0] 172.16.128.21/32[0] proto=any dir=out
2007-08-26 23:34:19: DEBUG: db: 0x80b1fb8: 172.16.128.21/32[0] 172.16.128.31/32[0] proto=any dir=in
2007-08-26 23:34:19: DEBUG: sub:0xbf9278c0: 172.16.128.31/32[0] 172.16.128.21/32[0] proto=any dir=out
2007-08-26 23:34:19: DEBUG: db: 0x80b21f8: 172.16.128.31/32[0] 172.16.128.21/32[0] proto=any dir=out
2007-08-26 23:34:19: DEBUG: 0xbf9278c0 masked with /32: 172.16.128.31[0]
2007-08-26 23:34:19: DEBUG: 0x80b21f8 masked with /32: 172.16.128.31[0]
2007-08-26 23:34:19: DEBUG: 0xbf9278c0 masked with /32: 172.16.128.21[0]
2007-08-26 23:34:19: DEBUG: 0x80b21f8 masked with /32: 172.16.128.21[0]
2007-08-26 23:34:19: DEBUG: suitable SP found:172.16.128.31/32[0] 172.16.128.21/32[0] proto=any dir=out
2007-08-26 23:34:19: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
2007-08-26 23:34:19: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2007-08-26 23:34:19: DEBUG: total SA len=44
2007-08-26 23:34:19: DEBUG:
00000001 00000001 00000024 01030401 004e1853 00000018 01030000 80010001
80027080 80040002 80050001
2007-08-26 23:34:19: DEBUG: begin.



-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages racoon depends on:
ii  debconf  1.5.11                          Debian configuration management sy
ii  ipsec-to 1:0.6.7-1                       IPsec tools for Linux
ii  libc6    2.6.1-1+b1                      GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii  libkrb53 1.6.dfsg.1-6                    MIT Kerberos runtime libraries
ii  libpam0g 0.79-4                          Pluggable Authentication Modules l
ii  libssl0. 0.9.8e-6                        SSL shared libraries
ii  perl     5.8.8-7                         Larry Wall's Practical Extraction

racoon recommends no packages.

-- debconf information:
* racoon/config_mode: direct
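
Added example, not part of the original report and not racoon code: a small decoder for the decrypted Quick Mode body that the failing Debian log prints just before "failed to get sainfo", showing which ISAKMP payloads the peer sent and what the SA proposal contains. The function names (walk_payloads, parse_sa, summarize) are made up for this illustration; the hex is copied from the log above, and the first payload type 8 is taken from the "08" in the header word 08102001.

```python
import struct

# Decrypted Quick Mode body from the failing log (payloads after the ISAKMP header).
DECRYPTED = bytes.fromhex("".join("""
01000014 b05512cf 0e398c04 d1e6ad28 945d88e7 0a000030 00000001 00000001
00000024 01030401 029dafda 00000018 01030000 80010001 80027080 80040002
80050001 00000014 d77d53c7 c48378f9 19a47033 55e4d8be 00000000 00000008
""".split()))
# RFC 2408 payload types and RFC 2407 IPsec DOI attribute types (only those needed here).
PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 11: "NOTIFY"}
ATTRS = {1: "life_type", 2: "life_duration", 4: "encap_mode", 5: "auth_alg"}

def walk_payloads(body, first_type):
    """Follow the generic payload header chain; trailing padding is not parsed."""
    off, ptype, out = 0, first_type, []
    while ptype != 0:
        if off + 4 > len(body):
            raise ValueError("truncated payload header")
        nxt, _, length = struct.unpack_from("!BBH", body, off)
        if length < 4 or off + length > len(body):
            raise ValueError("bad payload length")
        out.append((ptype, body[off + 4:off + length]))
        off, ptype = off + length, nxt
    return out

def parse_sa(data):
    """Decode an SA payload with one proposal and one transform, as in this log."""
    _, _, _, _, proto, spi_size, ntrans = struct.unpack_from("!BBHBBBB", data, 8)
    if ntrans != 1:
        raise ValueError("example handles a single transform only")
    t = 16 + spi_size                      # transform follows the SPI
    _, _, tlen, _, tid = struct.unpack_from("!BBHBB", data, t)
    attrs, pos = {}, t + 8
    while pos < t + tlen:
        atype, aval = struct.unpack_from("!HH", data, pos)
        if not atype & 0x8000:             # only fixed-length (TV) attributes appear here
            raise ValueError("variable-length attribute not handled")
        attrs[ATTRS.get(atype & 0x7FFF, atype & 0x7FFF)] = aval
        pos += 4
    return {"proto": proto, "spi": data[16:t].hex(), "transform": tid, **attrs}

def summarize(body, first_type=8):
    """Return (payload names in order, decoded SA, whether an ID payload is present)."""
    chain = walk_payloads(body, first_type)
    names = [PAYLOADS.get(t, str(t)) for t, _ in chain]
    sa = next(parse_sa(d) for t, d in chain if t == 1)
    return names, sa, "ID" in names

if __name__ == "__main__":
    print(summarize(DECRYPTED))
```

In RFC 2407 terms the decoded proposal is protocol 3 (ESP), transform 3 (3DES), encapsulation mode 2 (transport), authentication algorithm 1 (HMAC-MD5) and a lifetime of 28800 seconds, which lines up with the sainfo and SPD entries quoted in the report. The message carries HASH, SA and NONCE but no ID payloads, the same case the upstream build logs as "no ID payloads found" before it takes the addresses from phase 1.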


