Bug 470575
Description
Alexandre Thieme Reis
2008-11-07 18:59:54 UTC
The client side as of the second log is running 0.7.1 or 0.7 version? Can you please try to run the gateway with log level debug2 and attach or paste the output? Client side run ipsec-tools version 0.7 Created attachment 322901 [details]
client-racoon.log (tail -f /var/log/syslog), client-racoon-debug.log (racoon -d -F), gw-racoon.log (tail -f /var/log/messages), gw-racoon-debug.log (racoon -d -F)
Created attachment 322904 [details]
client-racoon.log (tail -f /var/log/syslog), client-racoon-debug.log (racoon -d -F), gw-racoon.log (tail -f /var/log/messages), gw-racoon-debug.log (racoon -d -F)
The racoon.log is racoon.tgz, excuse me! If client is ipsec-tools version 0.7.1, also do not work! I download ipsec-tools veriosn 0.7.1 from sourceforge ,recompile without patch and racoon work fine!!! Ditto here folks. An IPSec tunnel that worked with old ipsec-tools doesn't come up any more: ------------------------------------ Nov 8 15:29:57 beauty racoon: INFO: initiate new phase 2 negotiation: <to_IP>[500]<=><from_IP>[500] Nov 8 15:29:57 beauty racoon: WARNING: ignore RESPONDER-LIFETIME notification. Nov 8 15:29:57 beauty racoon: WARNING: attribute has been modified. Nov 8 15:29:57 beauty racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-md5 Nov 8 15:29:57 beauty racoon: ERROR: pfkey add failed. Nov 8 15:29:57 beauty racoon: ERROR: failed to process packet. Nov 8 15:29:57 beauty racoon: ERROR: phase2 negotiation failed. Nov 8 15:30:26 beauty racoon: INFO: initiate new phase 2 negotiation: <to_IP>[500]<=><from_IP>[500] Nov 8 15:30:26 beauty racoon: WARNING: ignore RESPONDER-LIFETIME notification. Nov 8 15:30:26 beauty racoon: WARNING: attribute has been modified. Nov 8 15:30:26 beauty racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-md5 Nov 8 15:30:26 beauty racoon: ERROR: pfkey add failed. Nov 8 15:30:26 beauty racoon: ERROR: failed to process packet. Nov 8 15:30:26 beauty racoon: ERROR: phase2 negotiation failed. ------------------------------------ Reverting back to the old version of ipsec-tools RPM immediately fixes the problem. Regarding comment #8, I'm connecting to a PIX there. *** Bug 470738 has been marked as a duplicate of this bug. *** ipsec-tools-0.7.1-6.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/ipsec-tools-0.7.1-6.fc9 The ipsec-tools-0.7.1-6.fc9.x86_64.rpm works for me. ipsec-tools-0.7.1-6.fc9.i386 works here. Thanks you. Just gave it +1 karma in bodhi. ipsec-tools-0.7.1-6.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. Thank you, ipsec-tools now work fine!!! |