Subject: Re: pkg/32158 (pkgsrc ipsec-tools vuln, can't upgrade)
To: None <,,,>
From: Peter Eisch <>
List: pkgsrc-bugs
Date: 12/05/2005 14:20:02
The following reply was made to PR pkg/32158; it has been noted by GNATS.

From: Peter Eisch <>
To: <>, <>,
	<>, <>
Subject: Re: pkg/32158 (pkgsrc ipsec-tools vuln, can't upgrade)
Date: Mon, 05 Dec 2005 08:18:43 -0600

 Using the same config as before, I cannot initiate sessions to the cisco
 remotes.  I accept their initiation just fine.  It hangs trying to bring up
 phase 2.  My offers include:
         lifetime time 8 hour ;
         encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
         authentication_algorithm hmac_sha1 , hmac_md5 ;
         compression_algorithm deflate ;
 And then on one of them I also have:
         pfs_group 2;
 Both are PSK.  I had to back out the package.  I will try to get a debug
 trace of what's happening, but it's complicated as I don't see any errors on
 my side -- it just seems to time out with phase 2.  I don't know that I'm
 not correctly decoding what they're sending back to my initiation request or
 if they're just dropping it.
 Both these remotes are customers of ours, state institutions, so getting
 them to work with me takes a bit of coaxing.  Hopefully I can get one of
 them to send me logs off their cisco as it pertains to us.
 On 12/4/05 3:07 PM, "" <> wrote:
 > Synopsis: pkgsrc ipsec-tools vuln, can't upgrade
 > State-Changed-From-To: open->feedback
 > State-Changed-By:
 > State-Changed-When: Sun, 04 Dec 2005 21:07:39 +0000
 > State-Changed-Why:
 > Peter has only confirmed that "ipsec-tools" 0.6.3 builds fine under
 > NetBSD 2.x. I'm still waiting for feedback to confirm that "racoon"
 > will actually work.