Subject: racoon IKE unidirectional?!
To: None <firstname.lastname@example.org>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
Date: 06/15/2002 18:37:22
I'm observing some strange behaviour with my IPSEC tunnel setup.
Afaict, my setup is quite symmetrical, but a connection
gets only established if initiated from one side.
(Once the SA is present it works either way.)
This is a PC running -current with the in-tree racoon.
The other side is running the top of the 1.5 branch (1.5.3_RC2),
with the latest pkgsrc racoon (20020507a).
When I try to get a connection from the 1.5 box the following
gets into its syslog:
racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate
new phase 2 negotiation: 184.108.40.206<=>220.127.116.11
racoon: ERROR: isakmp_inf.c:156:isakmp_info_recv(): notif
y message must be encrypted
last message repeated 2 times
racoon: ERROR: pfkey.c:738:pfkey_timeover(): 18.104.22.168
give up to get IPsec-SA due to time up to wait.
22.214.171.124 is the 1.5 box, ...11 is the -current one.
I'm using certificates, no shared secrets.
Is there a known problem?
Something I can do to track it down?
Of cource I can post more details if needed...