(racoon 928) Re: Problems talking with Checkpoint-NG
Hamie wrote:
I've attached the logs for working (Racoon -> CKP) and not working (CKP
-> Racoon) initiations of the phase-I & phase-II sequences, just in case
anyone has any ideas... And cc:ed in ip-sec tools this time as well (Not
sure if ipsec-tools version of racoon is the same as the racoon/kame
version).
correct list is ipsec-tools-devel@...
If the checkpoint security domain isn't the same subnet/networks as the
racoon end could it cause this (i.e. because of NAT'ing?)
Is there any way to get racoon to say what's in the message it gets back
from ckp where it complains that there's no hash payload? (Presumably
that's CKP telling racoon what it doesn't like? Trouble is CKP doesn't
log anything locally for it at all when it fails).
The root of the evil is here:
2005-04-04 16:06:24: DEBUG: 40 bytes message received from
163.166.150.105[500] to 192.168.254.254[500]
2005-04-04 16:06:24: DEBUG:
569925a6 4b503686 484c0abc ad1c446b 0b100500 03cb3acf 00000028 0000000c
00000000 01000004
2005-04-04 16:06:24: DEBUG: receive Information.
2005-04-04 16:06:24: ERROR: ignore information because the message has
no hash payload.
This is an information exchange Notification payload with an INVALID-COOKIE
message. Why CKP sends such a message I'm still googling...
--
Aidas Kasparas
IT administrator
GM Consult Group, UAB
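
The 40-byte dump quoted in the reply above, decoded field by field. This is an added example, not part of the original message and not racoon's code; the field layout follows RFC 2408, and the name tables are abbreviated to the values relevant to this thread.

```python
import struct

# Hex dump copied from the racoon DEBUG log quoted in the message above.
DUMP = """569925a6 4b503686 484c0abc ad1c446b 0b100500 03cb3acf 00000028 0000000c
00000000 01000004"""

# Abbreviated RFC 2408 name tables (only the values relevant to this thread).
PAYLOADS = {8: "HASH", 11: "NOTIFICATION", 12: "DELETE"}
EXCHANGES = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
NOTIFY = {4: "INVALID-COOKIE", 9: "INVALID-MESSAGE-ID", 11: "INVALID-SPI",
          14: "NO-PROPOSAL-CHOSEN", 16: "PAYLOAD-MALFORMED"}

def parse_isakmp(raw):
    """Decode an ISAKMP header and walk its cleartext payload chain."""
    if len(raw) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", raw[:28])
    if length != len(raw):
        raise ValueError("length field does not match datagram size")
    msg = {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
           "version": f"{ver >> 4}.{ver & 0x0F}",
           "exchange": EXCHANGES.get(xchg, str(xchg)),
           "encrypted": bool(flags & 0x01), "msgid": f"{msgid:08x}",
           "payloads": [], "has_hash": False}
    if msg["encrypted"]:
        return msg  # payloads are ciphertext; nothing to walk without keys
    off = 28
    while nxt != 0:
        if off + 4 > len(raw):
            raise ValueError("truncated generic payload header")
        following, _reserved, plen = struct.unpack("!BBH", raw[off:off + 4])
        if plen < 4 or off + plen > len(raw):
            raise ValueError("bad payload length")
        body = raw[off + 4:off + plen]
        entry = {"type": PAYLOADS.get(nxt, str(nxt)), "length": plen}
        if nxt == 11 and len(body) >= 8:
            doi, proto, spi_size, ntype = struct.unpack("!IBBH", body[:8])
            entry.update(doi=doi, protocol_id=proto, spi_size=spi_size,
                         notify=NOTIFY.get(ntype, str(ntype)))
        msg["payloads"].append(entry)
        nxt, off = following, off + plen
    msg["has_hash"] = any(p["type"] == "HASH" for p in msg["payloads"])
    return msg

if __name__ == "__main__":
    print(parse_isakmp(bytes.fromhex("".join(DUMP.split()))))
```

For this datagram the result is an unencrypted Informational exchange whose only payload is a Notification of type INVALID-COOKIE, with no HASH payload in the chain, which is the condition the racoon ERROR line reports.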