Subject: Re: racoon and psk.txt
To: None <tech-net@netbsd.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: tech-net
Date: 01/08/2003 12:40:51
Joel Wilsson <joelw@unix.se> wrote:
> On Wednesday, January 8, 2003, at 12:02  am, Jan Schaumann wrote:
> >Is it just me or did racoon break recently?
> >I rebuilt -current yesterday, and after the reboot it does not seem to
> >read the psk.txt file any more:
> >
> >Anybody with a clue?
> 
> Not unless you find anything special in /var/log/messages.
> The racoon source hasn't been touched for over a month.
> My guess is that racoon dies before it gets so far that it actually
> needs to read psk.txt.

Well, I'm making some progress.  One problem I encountered was that on
boot /etc/rc.d/sysdb failed since /usr was not yet mounted.  Once that
was fixed, syslogd, ipsec and racoon started all nicely.

*However*, it is still behaving very oddly:
I have several rules in my /etc/ipsec.conf.  One to encrypt all traffic
for syslog (the server logs for several other machines), one for amanda
traffic and one for rsh/login.
Syslog and amanda traffic is properly encrypted and goes through to all
hosts.  But rsh traffic does NOT.  And I get a million:

 racoon: ERROR: isakmp.c:490: can't start the quick mode, there is no
 ISAKMP-SA,

messages, even though, at the same time, syslog through ipsec works and
'setkey -d' shows that the two hosts are talking.

Now obviously this sounds like rsh/login is misconfigured -- the
interesting thing about this is that it literally stopped working from
one moment to the next (coinciding with the update):

I was able to rsh from the server through ipsec to a workstation without
any problems.
I updated kernel and userland.
I no longer am able to rsh from the server through ipsec to a
workstation.

Weird.

Well, any pointers are appreciated.
TIA,

-Jan

-- 
Probability factor of one to one. We have normality. I repeat, we have 
normality. Anything you still can't cope with is therefore your own lookout.