Subject: Re: pkg/32158 (pkgsrc ipsec-tools vuln, can't upgrade)
To: , <>
From: Peter Eisch <>
List: pkgsrc-bugs
Date: 12/05/2005 08:18:43
Using the same config as before, I cannot initiate sessions to the cisco
remotes.  I accept their initiation just fine.  It hangs trying to bring up
phase 2.  My offers include:

        lifetime time 8 hour ;
        encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
        authentication_algorithm hmac_sha1 , hmac_md5 ;
        compression_algorithm deflate ;

And then on one of them I also have:

        pfs_group 2;

Both are PSK.  I had to back out the package.  I will try to get a debug
trace of what's happening, but it's complicated as I don't see any errors on
my side -- it just seems to time out with phase 2.  I don't know that I'm
not correctly decoding what they're sending back to my initiation request or
if they're just dropping it.

Both these remotes are customers of ours, state institutions, so getting
them to work with me takes a bit of coaxing.  Hopefully I can get one of
them to send me logs off their cisco as it pertains to us.

On 12/4/05 3:07 PM, "" <> wrote:

> Synopsis: pkgsrc ipsec-tools vuln, can't upgrade
> State-Changed-From-To: open->feedback
> State-Changed-By:
> State-Changed-When: Sun, 04 Dec 2005 21:07:39 +0000
> State-Changed-Why:
> Peter has only confirmed that "ipsec-tools" 0.6.3 builds fine under
> NetBSD 2.x. I'm still waiting for feedback to confirm that "racoon"
> will actually work.