Subject: Re: racoon -- AUTH must be present for ESP
To: None <jnelson@newsstand.com>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: current-users
Date: 10/20/2003 08:49:20
> I think I've looked at this so long, I'm not seeing.
>
> Kernal and userland is "NetBSD 1.6ZC (GENERIC) #0: Sat Oct 11". The
> racoon config that works quite nicely on 1.6.1 fails after, what
> appears a normal phase one and phase two negotiation with:
>
> 2003-10-12 10:33:54: ERROR: ipsec_doi.c:2678: attr AUTH must be
> present for ESP NULL encryption
> 2003-10-12 10:33:54: ERROR: pfkey.c:953: failed to start post getspi
>
> I can't find anything in the docs or man pages that I recognize as
> related.
>
> What am I missing?
would you please post your racoon.conf as well as setkey(8) settings
(ipsec.conf), confidential info removed (like secret keys)?
basically, the error here is that your racoon (or the IKE peer)
requesting ESP without encryption, without authentication.
itojun