Subject: Re: racoon broken by recent changes
To: None <current-users@netbsd.org>
From: Jeff <jeffi@rcn.com>
List: current-users
Date: 06/03/2005 15:14:21
On Tue, May 17, 2005 at 08:46:17PM +1000, Daniel Carosone wrote:
[snip]
> In the first incarnation, it would negotiate phase 1, and simply time
> out phase 2, repeating forever.  After a second rebuild to -current
> today, the behaviour has changed.. I now get a phase 2 negotiation
> reported, and then the following:
>
> /netbsd: key_update: no SA index found.
> racoon: ERROR: pfkey UPDATE failed: No such file or directory
>
> Is -current racoon working for anyone else, either with itself or with
> older peers?
>

Is anyone successfully running -current (post IPSEC_NAT_T import)
ipsec/racoon at this point?  I have seen a few posts (ipsec+gif and
racoon/isakmp_natt) that, while perhaps unrelated, suggest some
possible breakage.  Like Daniel, I have been unable to utilize
ipsec/racoon since updating to current (previous -current was prior to
the NATT changes).  I am experiencing the same racoon ERROR (pfkey
UPDATE failed: No such file or directory).

Another reply to this thread suggests that reverting to an older
racoon binary "works".  I tried reverting all of ipsec-tools to
20050501 without success.

Any suggestions would be appreciated.

Jeff