Hi,
Could someone please tell me why the IPsec tunnel I am trying to set up fails
as follows:
racoon -F -f /etc/racoon/racoon.cfg
Foreground mode.
(http://ipsec-tools.sourceforge.net)
2004 (http://www.openssl.org/)
2005-09-28 22:34:40: INFO: 69.70.21.106[500] used as isakmp port (fd=5)
2005-09-28 22:34:40: INFO: 69.70.21.106[500] used for NAT-T
2005-09-28 22:34:40: INFO: IPsec-SA request for 64.235.194.78 queued due to no phase1 found.
2005-09-28 22:34:40: INFO: initiate new phase 1 negotiation: 69.70.21.10[500]<=>64.235.194.78[500]
2005-09-28 22:34:40: INFO: begin Identity Protection mode.
2005-09-28 22:34:45: INFO: ISAKMP-SA established 69.70.21.10[500]-64.235.194.78[500] spi:e095758065e98bfa:1b2c7ac9b51a6ffe
2005-09-28 22:34:46: INFO: initiate new phase 2 negotiation: 69.70.21.10[0]<=>64.235.194.78[0]
2005-09-28 22:34:47: ERROR: pfkey UPDATE failed: Invalid argument
2005-09-28 22:34:47: ERROR: pfkey ADD failed: Invalid argument
2005-09-28 22:35:16: ERROR: 64.235.194.78 give up to get IPsec-SA due to time up to wait.
2005-09-28 22:35:16: INFO: IPsec-SA expired: ESP/Tunnel 64.235.194.78->69.70.21.106 spi=230932054(0xdc3be56)
What does that mean, and how should I correct the problem? All necessary options
for IPsec are in the kernel (2.6.13) that I use. I also run a NAT firewall on
that box, but it should not affect things. What does "pfkey UPDATE failed" mean?
Any help appreciated,
George.