Re: Racoon

2014-09-29 Thread Gokan Atmaca
Last state;

root@mx04:/etc/racoon# racoonctl show-event
reload-config : x.x.x.x[500] -> x.x.x.x[500]
Phase 1 deleted : x.x.x.x[500] -> x.x.x.x[500]
Phase 1 established : x.x.x.x[500] -> x.x.x.x[500]
Phase 1 mode configuration done : x.x.x.x[500] -> x.x.x.x.[500]



On Tue, Sep 30, 2014 at 12:49 AM, Gokan Atmaca  wrote:
> In addition to the logs;
>
> Sep 29 21:46:02 mx04 racoon: [x.x.x.x] ERROR: couldn't find the pskey
> for x.x.x.x.
> Sep 29 21:46:02 mx04 racoon: [x.x.x.x] ERROR: failed to process ph1
> packet (side: 1, status: 4).
> Sep 29 21:46:02 mx04 racoon: [x.x.x.x] ERROR: phase1 negotiation
> failed.
> Sep 29 21:46:28 mx04 racoon: DEBUG: pfkey X_SPDDUMP failed: No such
> file or directory
> Sep 29 21:47:17 mx04 racoon: DEBUG: pfkey X_SPDDUMP failed: No such
> file or directory
>
>
>
> On Mon, Sep 29, 2014 at 10:40 PM, Gokan Atmaca  wrote:
>> Hello
>>
>>>What do you get in the logs?
>>>For a "connection" (by which I assume you mean an established tunnel)
>>>to be established, racoon needs to do the handshakes with the other
>>>side - if these fail, there should be traces of it in the
>>>logs.
>>
>>
>> Debian racoon Logs;
>>
>> Sep 29 17:26:57 mx04 rsyslogd-2177: imuxsock lost 29 messages from pid
>> 2353 due to rate-limiting
>> Sep 29 17:26:57 mx04 racoon: DEBUG: ===
>> Sep 29 17:26:57 mx04 racoon: DEBUG: 84 bytes message received from
>> 2.2.2.2[500] to 1.1.1.1[500]
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #012d023406b 52dfd0b5 abb9799e
>> 9ea312c0 08100501 940797cb 0054 8b2eaffd#0128f73c0ea 8174951c
>> 9016a691 576c75df 8c598304 4a59b436 84681892 17b9f076#012d50b7bd4
>> 6b7bfd6c 5c38a83d ef4421f7 254a7906
>> Sep 29 17:26:57 mx04 racoon: DEBUG: receive Information.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: compute IV for phase2
>> Sep 29 17:26:57 mx04 racoon: DEBUG: phase1 last IV:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #012049e3207 97a2f76e 940797cb
>> Sep 29 17:26:57 mx04 racoon: DEBUG: hash(md5)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: phase2 IV computed:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #0126ee4bc2f 792ffba2
>> Sep 29 17:26:57 mx04 racoon: DEBUG: begin decryption.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: IV was saved for next processing:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #012ef4421f7 254a7906
>> Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: with key:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #0121158b894 fcf8cc8f b7963aff
>> 9f508c30 40f85979 1d9148c3
>> Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted payload by IV:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #0126ee4bc2f 792ffba2
>> Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted payload, but not trimed.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #0120c14 2c306481 245bb895
>> c7569e24 15af84bc 001c 0001 0111#012d023406b 52dfd0b5
>> abb9799e 9ea312c0 2c7f01b2 ab9d2807
>> Sep 29 17:26:57 mx04 racoon: DEBUG: padding len=8
>> Sep 29 17:26:57 mx04 racoon: DEBUG: skip to trim padding.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #012d023406b 52dfd0b5 abb9799e
>> 9ea312c0 08100501 940797cb 0054 0c14#0122c306481 245bb895
>> c7569e24 15af84bc 001c 0001 0111 d023406b#01252dfd0b5
>> abb9799e 9ea312c0 2c7f01b2 ab9d2807
>> Sep 29 17:26:57 mx04 racoon: DEBUG: IV freed
>> Sep 29 17:26:57 mx04 racoon: DEBUG: HASH with:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #012940797cb 001c 0001
>> 0111 d023406b 52dfd0b5 abb9799e 9ea312c0
>> Sep 29 17:26:57 mx04 racoon: DEBUG: hmac(hmac_md5)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: HASH computed:
>> Sep 29 17:26:57 mx04 racoon: DEBUG: #0122c306481 245bb895 c7569e24 15af84bc
>> Sep 29 17:26:57 mx04 racoon: DEBUG: hash validated.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: begin.
>> Sep 29 17:26:57 mx04 racoon: DEBUG: seen nptype=8(hash)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: seen nptype=12(delete)
>> Sep 29 17:26:57 mx04 racoon: DEBUG: succeed.
>> Sep 29 17:26:57 mx04 racoon: [2.2.2.2.] DEBUG: delete payload for
>> protocol ISAKMP
>> Sep 29 17:26:57 mx04 racoon: INFO: ISAKMP-SA expired
>> 1.1.1.1[500]-2.2.2.2[500] spi:d023406b52dfd0b5:abb9799e9ea312c0
>> Sep 29 17:26:57 mx04 racoon: INFO: ISAKMP-SA deleted
>> 1.1.1.1[500]-2.2.2.2[500] spi:d023406b52dfd0b5:abb9799e9ea312c0
>> Sep 29 17:26:57 mx04 racoon: DEBUG: IV freed
>> Sep 29 17:26:57 mx04 racoon: DEBUG: purged SAs.
>>
>> 
>>
>>> This looks like a bad copy/paste?? You have spaces in it? Really??
>> Yes, bad paste...
>> ===
>>
>>
>>> Which version of racoon is this?
>>
>>
>> Racoon information;
>>
>> root@mx04:/etc/racoon# dpkg -s racoon
>> Package: racoon
>> Status: install ok installed
>> Priority: extra
>> Section: net
>> Installed-Size: 1120
>> Maintainer: Matthew Grant 
>> Architecture: amd64
>> Source: ipsec-tools
>> Version: 1:0.8.0-

Re: Racoon

2014-09-29 Thread Gokan Atmaca
In addition to the logs;

Sep 29 21:46:02 mx04 racoon: [x.x.x.x] ERROR: couldn't find the pskey
for x.x.x.x.
Sep 29 21:46:02 mx04 racoon: [x.x.x.x] ERROR: failed to process ph1
packet (side: 1, status: 4).
Sep 29 21:46:02 mx04 racoon: [x.x.x.x] ERROR: phase1 negotiation
failed.
Sep 29 21:46:28 mx04 racoon: DEBUG: pfkey X_SPDDUMP failed: No such
file or directory
Sep 29 21:47:17 mx04 racoon: DEBUG: pfkey X_SPDDUMP failed: No such
file or directory



On Mon, Sep 29, 2014 at 10:40 PM, Gokan Atmaca  wrote:
> Hello
>
>>What do you get in the logs?
>>For a "connection" (by which I assume you mean an established tunnel)
>>to be established, racoon needs to do the handshakes with the other
>>side - if these fail, there should be traces of it in the
>>logs.
>
>
> Debian racoon Logs;
>
> Sep 29 17:26:57 mx04 rsyslogd-2177: imuxsock lost 29 messages from pid
> 2353 due to rate-limiting
> Sep 29 17:26:57 mx04 racoon: DEBUG: ===
> Sep 29 17:26:57 mx04 racoon: DEBUG: 84 bytes message received from
> 2.2.2.2[500] to 1.1.1.1[500]
> Sep 29 17:26:57 mx04 racoon: DEBUG: #012d023406b 52dfd0b5 abb9799e
> 9ea312c0 08100501 940797cb 0054 8b2eaffd#0128f73c0ea 8174951c
> 9016a691 576c75df 8c598304 4a59b436 84681892 17b9f076#012d50b7bd4
> 6b7bfd6c 5c38a83d ef4421f7 254a7906
> Sep 29 17:26:57 mx04 racoon: DEBUG: receive Information.
> Sep 29 17:26:57 mx04 racoon: DEBUG: compute IV for phase2
> Sep 29 17:26:57 mx04 racoon: DEBUG: phase1 last IV:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #012049e3207 97a2f76e 940797cb
> Sep 29 17:26:57 mx04 racoon: DEBUG: hash(md5)
> Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
> Sep 29 17:26:57 mx04 racoon: DEBUG: phase2 IV computed:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #0126ee4bc2f 792ffba2
> Sep 29 17:26:57 mx04 racoon: DEBUG: begin decryption.
> Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
> Sep 29 17:26:57 mx04 racoon: DEBUG: IV was saved for next processing:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #012ef4421f7 254a7906
> Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
> Sep 29 17:26:57 mx04 racoon: DEBUG: with key:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #0121158b894 fcf8cc8f b7963aff
> 9f508c30 40f85979 1d9148c3
> Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted payload by IV:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #0126ee4bc2f 792ffba2
> Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted payload, but not trimed.
> Sep 29 17:26:57 mx04 racoon: DEBUG: #0120c14 2c306481 245bb895
> c7569e24 15af84bc 001c 0001 0111#012d023406b 52dfd0b5
> abb9799e 9ea312c0 2c7f01b2 ab9d2807
> Sep 29 17:26:57 mx04 racoon: DEBUG: padding len=8
> Sep 29 17:26:57 mx04 racoon: DEBUG: skip to trim padding.
> Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted.
> Sep 29 17:26:57 mx04 racoon: DEBUG: #012d023406b 52dfd0b5 abb9799e
> 9ea312c0 08100501 940797cb 0054 0c14#0122c306481 245bb895
> c7569e24 15af84bc 001c 0001 0111 d023406b#01252dfd0b5
> abb9799e 9ea312c0 2c7f01b2 ab9d2807
> Sep 29 17:26:57 mx04 racoon: DEBUG: IV freed
> Sep 29 17:26:57 mx04 racoon: DEBUG: HASH with:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #012940797cb 001c 0001
> 0111 d023406b 52dfd0b5 abb9799e 9ea312c0
> Sep 29 17:26:57 mx04 racoon: DEBUG: hmac(hmac_md5)
> Sep 29 17:26:57 mx04 racoon: DEBUG: HASH computed:
> Sep 29 17:26:57 mx04 racoon: DEBUG: #0122c306481 245bb895 c7569e24 15af84bc
> Sep 29 17:26:57 mx04 racoon: DEBUG: hash validated.
> Sep 29 17:26:57 mx04 racoon: DEBUG: begin.
> Sep 29 17:26:57 mx04 racoon: DEBUG: seen nptype=8(hash)
> Sep 29 17:26:57 mx04 racoon: DEBUG: seen nptype=12(delete)
> Sep 29 17:26:57 mx04 racoon: DEBUG: succeed.
> Sep 29 17:26:57 mx04 racoon: [2.2.2.2.] DEBUG: delete payload for
> protocol ISAKMP
> Sep 29 17:26:57 mx04 racoon: INFO: ISAKMP-SA expired
> 1.1.1.1[500]-2.2.2.2[500] spi:d023406b52dfd0b5:abb9799e9ea312c0
> Sep 29 17:26:57 mx04 racoon: INFO: ISAKMP-SA deleted
> 1.1.1.1[500]-2.2.2.2[500] spi:d023406b52dfd0b5:abb9799e9ea312c0
> Sep 29 17:26:57 mx04 racoon: DEBUG: IV freed
> Sep 29 17:26:57 mx04 racoon: DEBUG: purged SAs.
>
> 
>
>> This looks like a bad copy/paste?? You have spaces in it? Really??
> Yes, bad paste...
> ===
>
>
>> Which version of racoon is this?
>
>
> Racoon information;
>
> root@mx04:/etc/racoon# dpkg -s racoon
> Package: racoon
> Status: install ok installed
> Priority: extra
> Section: net
> Installed-Size: 1120
> Maintainer: Matthew Grant 
> Architecture: amd64
> Source: ipsec-tools
> Version: 1:0.8.0-14
> Provides: ike-server
> Depends: debconf (>= 0.5) | debconf-2.0, ipsec-tools (= 1:0.8.0-14),
> libc6 (>= 2.8), libcomerr2 (>= 1.01), libgssapi-krb5-2 (>=
> 1.10+dfsg~), libk5crypto3 (>= 1.6.dfsg.2), libkrb5-3 (>= 1.6.dfsg.2),
> libldap-2.4-2 (>= 2.4.7), libpam0g (>= 0.99.7.1), libssl1.0.0 (>=
> 1.0.0), adduser, perl
> Conflicts: ike-server
> Conffiles:
>  /etc/init.d/racoon 249ef4dcc91c0b3f05fdda8c13b9d5ac
>  /etc/racoon/psk.txt 8912f9ec996

Re: Racoon

2014-09-29 Thread Gokan Atmaca
Hello

>What do you get in the logs?
>For a "connection" (by which I assume you mean an established tunnel)
>to be established, racoon needs to do the handshakes with the other
>side - if these fail, there should be traces of it in the
>logs.


Debian racoon Logs;

Sep 29 17:26:57 mx04 rsyslogd-2177: imuxsock lost 29 messages from pid
2353 due to rate-limiting
Sep 29 17:26:57 mx04 racoon: DEBUG: ===
Sep 29 17:26:57 mx04 racoon: DEBUG: 84 bytes message received from
2.2.2.2[500] to 1.1.1.1[500]
Sep 29 17:26:57 mx04 racoon: DEBUG: #012d023406b 52dfd0b5 abb9799e
9ea312c0 08100501 940797cb 0054 8b2eaffd#0128f73c0ea 8174951c
9016a691 576c75df 8c598304 4a59b436 84681892 17b9f076#012d50b7bd4
6b7bfd6c 5c38a83d ef4421f7 254a7906
Sep 29 17:26:57 mx04 racoon: DEBUG: receive Information.
Sep 29 17:26:57 mx04 racoon: DEBUG: compute IV for phase2
Sep 29 17:26:57 mx04 racoon: DEBUG: phase1 last IV:
Sep 29 17:26:57 mx04 racoon: DEBUG: #012049e3207 97a2f76e 940797cb
Sep 29 17:26:57 mx04 racoon: DEBUG: hash(md5)
Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
Sep 29 17:26:57 mx04 racoon: DEBUG: phase2 IV computed:
Sep 29 17:26:57 mx04 racoon: DEBUG: #0126ee4bc2f 792ffba2
Sep 29 17:26:57 mx04 racoon: DEBUG: begin decryption.
Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
Sep 29 17:26:57 mx04 racoon: DEBUG: IV was saved for next processing:
Sep 29 17:26:57 mx04 racoon: DEBUG: #012ef4421f7 254a7906
Sep 29 17:26:57 mx04 racoon: DEBUG: encryption(3des)
Sep 29 17:26:57 mx04 racoon: DEBUG: with key:
Sep 29 17:26:57 mx04 racoon: DEBUG: #0121158b894 fcf8cc8f b7963aff
9f508c30 40f85979 1d9148c3
Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted payload by IV:
Sep 29 17:26:57 mx04 racoon: DEBUG: #0126ee4bc2f 792ffba2
Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted payload, but not trimed.
Sep 29 17:26:57 mx04 racoon: DEBUG: #0120c14 2c306481 245bb895
c7569e24 15af84bc 001c 0001 0111#012d023406b 52dfd0b5
abb9799e 9ea312c0 2c7f01b2 ab9d2807
Sep 29 17:26:57 mx04 racoon: DEBUG: padding len=8
Sep 29 17:26:57 mx04 racoon: DEBUG: skip to trim padding.
Sep 29 17:26:57 mx04 racoon: DEBUG: decrypted.
Sep 29 17:26:57 mx04 racoon: DEBUG: #012d023406b 52dfd0b5 abb9799e
9ea312c0 08100501 940797cb 0054 0c14#0122c306481 245bb895
c7569e24 15af84bc 001c 0001 0111 d023406b#01252dfd0b5
abb9799e 9ea312c0 2c7f01b2 ab9d2807
Sep 29 17:26:57 mx04 racoon: DEBUG: IV freed
Sep 29 17:26:57 mx04 racoon: DEBUG: HASH with:
Sep 29 17:26:57 mx04 racoon: DEBUG: #012940797cb 001c 0001
0111 d023406b 52dfd0b5 abb9799e 9ea312c0
Sep 29 17:26:57 mx04 racoon: DEBUG: hmac(hmac_md5)
Sep 29 17:26:57 mx04 racoon: DEBUG: HASH computed:
Sep 29 17:26:57 mx04 racoon: DEBUG: #0122c306481 245bb895 c7569e24 15af84bc
Sep 29 17:26:57 mx04 racoon: DEBUG: hash validated.
Sep 29 17:26:57 mx04 racoon: DEBUG: begin.
Sep 29 17:26:57 mx04 racoon: DEBUG: seen nptype=8(hash)
Sep 29 17:26:57 mx04 racoon: DEBUG: seen nptype=12(delete)
Sep 29 17:26:57 mx04 racoon: DEBUG: succeed.
Sep 29 17:26:57 mx04 racoon: [2.2.2.2.] DEBUG: delete payload for
protocol ISAKMP
Sep 29 17:26:57 mx04 racoon: INFO: ISAKMP-SA expired
1.1.1.1[500]-2.2.2.2[500] spi:d023406b52dfd0b5:abb9799e9ea312c0
Sep 29 17:26:57 mx04 racoon: INFO: ISAKMP-SA deleted
1.1.1.1[500]-2.2.2.2[500] spi:d023406b52dfd0b5:abb9799e9ea312c0
Sep 29 17:26:57 mx04 racoon: DEBUG: IV freed
Sep 29 17:26:57 mx04 racoon: DEBUG: purged SAs.



> This looks like a bad copy/paste?? You have spaces in it? Really??
Yes, bad paste...
===


> Which version of racoon is this?


Racoon information;

root@mx04:/etc/racoon# dpkg -s racoon
Package: racoon
Status: install ok installed
Priority: extra
Section: net
Installed-Size: 1120
Maintainer: Matthew Grant 
Architecture: amd64
Source: ipsec-tools
Version: 1:0.8.0-14
Provides: ike-server
Depends: debconf (>= 0.5) | debconf-2.0, ipsec-tools (= 1:0.8.0-14),
libc6 (>= 2.8), libcomerr2 (>= 1.01), libgssapi-krb5-2 (>=
1.10+dfsg~), libk5crypto3 (>= 1.6.dfsg.2), libkrb5-3 (>= 1.6.dfsg.2),
libldap-2.4-2 (>= 2.4.7), libpam0g (>= 0.99.7.1), libssl1.0.0 (>=
1.0.0), adduser, perl
Conflicts: ike-server
Conffiles:
 /etc/init.d/racoon 249ef4dcc91c0b3f05fdda8c13b9d5ac
 /etc/racoon/psk.txt 8912f9ec996ab814f11c45064e80b749
 /etc/racoon/racoon-tool.conf dd682434a9e4bfa828c3595510874e15
 /etc/racoon/racoon.conf 4f91882b325d8ab11361171ef0e56c5d
Description: IPsec Internet Key Exchange daemon
 IPsec (Internet Protocol security) offers end-to-end security for
 network traffic at the IP layer.
=

B site logs;

01108d29 6f187d06
22:27:11 ipsec,debug,packet e00903ea 2d309a93 7021a75d 06ec 9db78703
22:27:11 ipsec,debug,packet HASH with:
22:27:11 ipsec,debug,packet b3c284d5 0020 0001 01108d29
6f187d06 e00903ea
2d309a93 7021a75d
22:27:11 ipsec,debug,packet 06ec
22:27:11 ipsec,debug,packet hmac(hmac_md5)
22:27:11 ipsec,debug,packet HASH computed:
22:27:11 ipsec,debug,packet a020f2a8 63d1e2eb 09deec37 eca91b36
22:27:11 ipsec,debug,packet hash

Re: Racoon

2014-09-29 Thread Karl E. Jorgensen
Hi

On Mon, Sep 29, 2014 at 08:30:31PM +0300, Gokan Atmaca wrote:
> Hello
> 
> I want to make using racoon IPSEC connection. My configuration is as
> follows. B site RouterOS (Mikrotik) are available. A kind of
> connection can not be established.

What do you get in the logs?

For a "connection" (by which I assume you mean an established tunnel)
to be established, racoon needs to do the handshakes with the other
side - if these fail, there should be traces of it in the
logs.

Usually, there will be logging even if it is successful.  Racoon
should log via syslog, hence (depending on your syslog configuration)
/var/log/daemon.log would be the place to look.

> Note: IP addresses are shown as examples.
> 
> WAN sites: 1.1.1.1
> LAN sites: 2.2.2.2
> B's: 3.3.3.3
> B's: 4.4.4.4
> 
> 
> 
> - A site config;
> 
> pre_shared_key path "/etc/racoon/psk.txt";
> path certificate "/ etc / racoon / certs";

This looks like a bad copy/paste?? You have spaces in it? Really??

> remote 3.3.3.3 {
> exchange_mo in the main;

This does not look like valid syntax. More bad copy/paste? Looks like
it was an attempt at "exchange_mode" ...

> initial_contact one;
> proposal_check obey;
> proposal {
>  encryption_algorithm 3DES;
>  hash_algorithm md5;
>  authentication_method pre_shared_key;
>  dh_group modp1024;
>  }
> }

You may want to avoid 3DES...

> 
> 
> Sainfoin any address 2.2.2.2/24 4.4.4.4/24 address any {

"Sainfoin" .. hm...

Which version of racoon is this?

>  lifetime time 24 hour;
>  encryption_algorithm 3DES;
>  authentication_algorithm hmac_md5;
>  compression_algorithm deflate;
>  pfs_group modp1024;
> }

I'd recommend looking in the logs to start with, and getting rid of
the syntax errors in the config before going further...

Hope this helps
-- 
Karl E. Jorgensen

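Karl's advice above is to start from the logs; as an added example (not from the thread, not part of ipsec-tools), here is a small Python triage script over the kind of racoon error lines Gokan pasted, which re-joins mail-wrapped lines and groups the phase 1 failures per peer. The message strings are racoon's own from the thread, the addresses are the thread's placeholders, and the category names and hints are assumptions of mine.

```python
# Added example (not code from the thread): triage racoon syslog lines for
# the IKEv1 phase 1 failures quoted above, re-joining continuation lines.
import re

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \S+ (\S+?):\s*(.*)$")
PEER = re.compile(r"^\[([^\]]+)\]\s*")   # racoon prefixes peer-bound messages

# (pattern, category, what to check); the messages are racoon's own wording.
RULES = [
    (re.compile(r"couldn't find the pskey"), "missing_psk",
     "psk.txt has no entry for this peer, so phase 1 cannot authenticate"),
    (re.compile(r"failed to process ph1|phase1 negotiation failed"), "ph1_failed",
     "phase 1 never completed, so no tunnel can be built"),
    (re.compile(r"pfkey X_SPDDUMP failed: No such file"), "empty_spd",
     "kernel SPD is empty: no policies were loaded (compare setkey -DP)"),
]

def join_wrapped(text):
    # Lines without a syslog timestamp are wrapped continuations of the
    # previous record (the mail client folded them); glue them back on.
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return {peer: [(category, hint), ...]}; non-racoon records are skipped."""
    findings = {}
    for rec in join_wrapped(text):
        m = STAMP.match(rec)
        if not m or m.group(1) != "racoon":
            continue                      # e.g. rsyslogd rate-limit notices
        peer = PEER.match(m.group(2))
        who = peer.group(1) if peer else "-"   # "-" = daemon-level message
        hits = [(c, h) for p, c, h in RULES if p.search(m.group(2))]
        if hits:
            findings.setdefault(who, []).append(hits[0])
    return findings

# Constructed sample: the error lines quoted in the thread, with its placeholder IPs.
SAMPLE = """\
Sep 29 21:46:02 mx04 racoon: [2.2.2.2] ERROR: couldn't find the pskey
for 2.2.2.2.
Sep 29 21:46:02 mx04 racoon: [2.2.2.2] ERROR: failed to process ph1
packet (side: 1, status: 4).
Sep 29 21:46:02 mx04 racoon: [2.2.2.2] ERROR: phase1 negotiation
failed.
Sep 29 21:46:28 mx04 racoon: DEBUG: pfkey X_SPDDUMP failed: No such
file or directory
"""
```

Run `triage(open("/var/log/daemon.log").read())` on the box to get the same grouping over the real log; the first category for a peer is usually the root cause, the rest are consequences.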

-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140929183443.GA17498@hawking