Subject: Re: racoon interoperability
To: None <>
From: Hendra Widarta <>
List: tech-net
Date: 04/24/2002 09:02:47
>	the issue with NULL encryption is not racoon problem but kernel
>	problem.  do you have any tcpdump trace during the test?  does
>	the situation change if you turn on/off ESP authentication?
>	(crypto checksum)

"turn on/off ESP authentication" ?
I've tested with encryption without authentication, except NULL.
I think it's strange to turn off ESP auth when using ESP Null encryption, 
right? But, racoon still run it away. 
Some security gateways should not be set for NULL encryption and 
NONE authentication at the same time.

>	btw, do other boxes interoperate with NULL encryption?

Some of them, YES.

BTW, I just downgraded to racoon-20010418a, default pkg in NetBSD-1.5.2,
and the result is out of my expectation, It's PASS.
So, It seems that it's not kernel problem.

racoon-20010418a vs NetScreen-100/204
SAD entries:
a.b.c.d p.q.r.s
        esp mode=tunnel spi=1642122335(0x61e0cc5f) reqid=0(0x00000000)
        E: null
        A: hmac-md5  009de812 57f38173 2cf868d5 8400c430
racoon-20011215a vs NetScreen-100/204
	{NULL+MD5}, {NULL+SHA1}: FAIL (although SA established)
SAD entries:
a.b.c.d p.q.r.s
        esp mode=tunnel spi=3423678687(0xcc1130df) reqid=0(0x00000000)
        E: null  ee0446b2 88cd9f46 25200a3e c9cd4a02 57af97f0 9cec0144
        A: hmac-md5  2a465cd6 4abf8986 d25890ba a2b0fb0d
It's quite strange; E is NULL and it shows the encryption-key.


Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more