Subject: Re: racoon: can't start the quick mode
To: None <tech-net@NetBSD.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: tech-net
Date: 09/04/2005 12:36:07

Matthias Scheler <tron@zhadum.de> wrote:
> In article <20050904031516.GA20767@netmeister.org>,
> 	Jan Schaumann <jschauma@netmeister.org> writes:
> > Sep  3 23:11:54 amstel racoon: ERROR: isakmp.c:505: can't start the
> >  quick mode, there is no ISAKMP-SA,
> >  1b51ec5c83aec49d:ee081d4d91487dcd:000079c7
>
> This looks like the server is trying to establish an SA to the client
> (to be able to send traffic) but isn't able to do so e.g. because the
> "passive" option is set to "on" in "/etc/racoon/racoon.conf".

Hmmm.  'passive' is off (or at least, it's not set in racoon.conf, and
the manual page claims default is 'off').

However, if I set 'passive off' explicitly, the number of ERROR messages
goes down significantly, and I only get intermittent messages as the
ones below.  (Before, I would get dozens approximately every 10 seconds
or so.  I do have dozens of clients, though.)

> Which version of "racoon" is that? And what is printed out if you
> start "racoon" with "/usr/sbin/racoon -v -F" in the foreground.

2005-09-04 12:29:31: INFO: main.c:177: @(#)racoon 20001216 20001216
sakane@kame.net
2005-09-04 12:29:31: INFO: main.c:178: @(#)This product linked OpenSSL
0.9.7d 17 Mar 2004 (http://www.openssl.org/)
2005-09-04 12:29:31: INFO: isakmp.c:1371: 155.246.89.68[500] used as
isakmp port (fd=5)
2005-09-04 12:29:32: ERROR: isakmp.c:505: can't start the quick mode,
there is no ISAKMP-SA, 70074a8b57c3fc94:1b8a2574b21e824d:0000aa05
2005-09-04 12:29:32: ERROR: isakmp.c:505: can't start the quick mode,
there is no ISAKMP-SA, 9a042b69c9cb9f0c:c9574abd9e15db65:00009bf7

-Jan

-- 
http://www.netbsd.org -
         Multiarchitecture OS, no hype required.

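Added example, not part of the original message and not racoon code: a small Python script that measures how often the "no ISAKMP-SA" error appears in `racoon -v -F` output, per cookie pair and per 10-second window, so the effect of a change such as `passive off` can be compared before and after. It assumes the foreground log format quoted above and that the trailing triple is initiator cookie, responder cookie and message ID; the sample log, address and cookie values are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the foreground-log format, wrapped as a mail client would.
SAMPLE = """\
2005-09-04 12:29:31: INFO: isakmp.c:1371: 192.0.2.1[500] used as
isakmp port (fd=5)
2005-09-04 12:29:32: ERROR: isakmp.c:505: can't start the quick mode,
there is no ISAKMP-SA, 1111111111111111:2222222222222222:0000aa05
2005-09-04 12:29:38: ERROR: isakmp.c:505: can't start the quick mode,
there is no ISAKMP-SA, 1111111111111111:2222222222222222:0000aa06
2005-09-04 12:29:45: ERROR: isakmp.c:505: can't start the quick mode,
there is no ISAKMP-SA, 3333333333333333:4444444444444444:00009bf7
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: ")
NO_SA = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): ERROR: \S+: "
    r"can't start the quick mode, there is no ISAKMP-SA, "
    r"(?P<a>[0-9a-f]{16}):(?P<b>[0-9a-f]{16}):(?P<msgid>[0-9a-f]{8})\s*$"
)

def unwrap(text):
    """Rejoin continuation lines: a record starts only at a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text, window=10):
    """Count 'no ISAKMP-SA' errors per cookie pair and per time window."""
    per_pair, per_window = Counter(), Counter()
    for rec in unwrap(text):
        m = NO_SA.match(rec)
        if not m:
            continue  # INFO lines and unrelated errors are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        bucket = ts.replace(second=ts.second - ts.second % window)
        per_pair[(m["a"], m["b"])] += 1
        per_window[bucket.strftime("%H:%M:%S")] += 1
    return per_pair, per_window

if __name__ == "__main__":
    for result in summarize(SAMPLE):
        print(dict(result))
```

A cookie pair that keeps recurring with new message IDs points at one peer repeatedly attempting quick mode without a phase 1 SA, which is easier to chase than the raw error count.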