Hi everybody,

I'm trying to configure a tunnel between a Linux box with racoon and a customer Cisco router. On the same racoon there are other VPNs configured and working, and one of them is identical to the new one that doesn't work except for one thing: they don't use Perfect Forward Secrecy.

The parameters supplied by the customer are the following:

Authentication Method: Pre-Shared Key
Encryption Scheme: IKE
Diffie-Hellman Group: Group 2
Encryption Algorithm: 3DES
Hashing Algorithm: SHA-1
Main or Aggressive Mode: Main mode preferred
Lifetime (for renegotiation): 1440 min
Encapsulation (ESP or AH): ESP
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Perfect Forward Secrecy: NO PFS
Lifetime (for renegotiation): 3600 seconds

and my racoon.conf config for this is:

remote router_ip_address {
    exchange_mode main;
    send_cr off;
    send_cert off;
    lifetime time 3600 sec;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

sainfo address costumer_encryption_domain/32 any address my_encryption_domain/32 any
{
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

I don't include the setkey.conf file because I have checked it several times. The psk.txt is already correct.

I start racoon with debug enabled, and when I try to bring up the tunnel with a ping to costumer_encryption_domain, the negotiation starts, the hosts exchange the pre-shared keys, and then the following message appears in /var/log/messages:

Mar 12 19:36:06 lx37 racoon: DEBUG: 116 bytes message received from customer_ip_gateway[500] to own_ip_gateway[500]
Mar 12 19:36:06 lx37 racoon: DEBUG: 3e8e9ec7 50c7daa5 bb6b9a93 1644e9e5 0b100501 00000000 00000074 7a699a0c 1fa302dc 04faeccd 3993c01f 4793a4ff 36248aea 27e0c3ad 41f38954 b25d3b2b c2f76a14 83ef1ac2 0716b9cf 40df29e0 1b5bb133 dfc7099d e11495f0 5117a7b3 eeddd0fb 36939eee 0ba34173 1cc68d0a b24f3074
Mar 12 19:36:06 lx37 racoon: DEBUG: receive Information.
Mar 12 19:36:06 lx37 racoon: DEBUG: compute IV for phase2
Mar 12 19:36:06 lx37 racoon: DEBUG: phase1 last IV:
Mar 12 19:36:06 lx37 racoon: DEBUG: e47cae57 2950d862 00000000
Mar 12 19:36:06 lx37 racoon: DEBUG: hash(sha1)
Mar 12 19:36:06 lx37 racoon: DEBUG: encription(3des)
Mar 12 19:36:06 lx37 racoon: DEBUG: phase2 IV computed:
Mar 12 19:36:06 lx37 racoon: DEBUG: 87af7509 0a617457
Mar 12 19:36:06 lx37 racoon: DEBUG: begin decryption.
Mar 12 19:36:06 lx37 racoon: DEBUG: encription(3des)
Mar 12 19:36:06 lx37 racoon: DEBUG: IV was saved for next processing:
Mar 12 19:36:06 lx37 racoon: DEBUG: 1cc68d0a b24f3074
Mar 12 19:36:06 lx37 racoon: DEBUG: encription(3des)
Mar 12 19:36:06 lx37 racoon: DEBUG: with key:
Mar 12 19:36:06 lx37 racoon: DEBUG: 04739fef 5ac78adb ee3b2ae5 85675e4b 07228326 a39867ed
Mar 12 19:36:06 lx37 racoon: DEBUG: decrypted payload by IV:
Mar 12 19:36:06 lx37 racoon: DEBUG: 1cc68d0a b24f3074
Mar 12 19:36:06 lx37 racoon: DEBUG: decrypted payload, but not trimed.
Mar 12 19:36:06 lx37 racoon: DEBUG: da104a49 6260c33d 98feeae4 9ffe6188 6d81bfd5 30d4d22b 359f7f79 73ff54af aa033333 c2fe5289 be0ecb38 864095a4 89018b18 af026583 4fb0a953 b920903c c9f24400 74601b66 af16fe43 82099a22 a5914655 cab888de
Mar 12 19:36:06 lx37 racoon: DEBUG: padding len=222
Mar 12 19:36:06 lx37 racoon: DEBUG: skip to trim padding.
Mar 12 19:36:06 lx37 racoon: DEBUG: decrypted.
Mar 12 19:36:06 lx37 racoon: DEBUG: 3e8e9ec7 50c7daa5 bb6b9a93 1644e9e5 0b100501 00000000 00000074 da104a49 6260c33d 98feeae4 9ffe6188 6d81bfd5 30d4d22b 359f7f79 73ff54af aa033333 c2fe5289 be0ecb38 864095a4 89018b18 af026583 4fb0a953 b920903c c9f24400 74601b66 af16fe43 82099a22 a5914655 cab888de
Mar 12 19:36:06 lx37 racoon: ERROR: ignore information because the message has no hash payload.


I can't see what's wrong and I didn't find anything on the web.

Thanks in advance and sorry for the long post.

Luis
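
As a reading aid for the debug output above (an added example, not part of the original post and not racoon code): this Python sketch decodes the 28-byte ISAKMP header of the "decrypted." dump using the RFC 2408 field layout and compares the pad length with the body size. The function name and dictionary keys are made up for the example.

```python
import struct

# Payload and exchange type numbers from RFC 2408 (32 = Quick Mode, RFC 2409).
PAYLOADS = {0: "NONE", 1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE",
            11: "NOTIFICATION", 12: "DELETE", 13: "VENDOR-ID"}
EXCHANGES = {2: "Identity Protection (main mode)", 4: "Aggressive",
             5: "Informational", 32: "Quick Mode"}

# The "decrypted." dump copied from the racoon DEBUG output in the post.
DECRYPTED = """
3e8e9ec7 50c7daa5 bb6b9a93 1644e9e5 0b100501 00000000
00000074 da104a49 6260c33d 98feeae4 9ffe6188 6d81bfd5
30d4d22b 359f7f79 73ff54af aa033333 c2fe5289 be0ecb38
864095a4 89018b18 af026583 4fb0a953 b920903c c9f24400
74601b66 af16fe43 82099a22 a5914655 cab888de
"""

def decode(dump):
    """Decode the fixed ISAKMP header of a hex dump and sanity-check the body."""
    raw = bytes.fromhex("".join(dump.split()))
    if len(raw) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", raw[:28])
    body = raw[28:]
    encrypted = bool(flags & 0x01)  # bit 0 of the flags byte = Encryption
    # The log's "padding len" equals the last byte of the decrypted body.
    pad_len = body[-1] if encrypted and body else None
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "first_payload": PAYLOADS.get(np, "type %d" % np),
        "starts_with_hash": np == 8,
        "version": "%d.%d" % (ver >> 4, ver & 0x0F),
        "exchange": EXCHANGES.get(xchg, "type %d" % xchg),
        "encrypted": encrypted,
        "message_id": msgid,
        "length": length,
        "length_ok": length == len(raw),  # declared vs. received size
        "pad_len": pad_len,
        # A pad length at or above the body size cannot be real padding.
        "pad_plausible": None if pad_len is None else pad_len < len(body),
    }

if __name__ == "__main__":
    for key, value in decode(DECRYPTED).items():
        print("%-18s %s" % (key, value))
```

On the posted dump this reports an encrypted Informational exchange of 116 bytes whose header names Notification (11), not HASH (8), as the first payload, and a pad length of 222 on an 88-byte body.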