  1. #1
    Just Joined!
    Join Date
    Jan 2007
    Posts
    8

    IPSec w/ RHEL4 - Racoon error messages


    Can someone tell me what this means? I can't figure out what is going wrong with my IPSec setup. I'm using RHEL4 with a 2.6 kernel and the latest version of IPSec-tools from Sourceforge.

    Code:
    2007-03-29 13:13:53: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
    2007-03-29 13:13:53: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
    2007-03-29 13:13:53: INFO: ###.###.###.###[500] used as isakmp port (fd=5)
    2007-03-29 13:14:12: INFO: respond new phase 1 negotiation: ###.###.###.###[500]<=>###.###.###.###[500]
    2007-03-29 13:14:12: INFO: begin Identity Protection mode.
    2007-03-29 13:14:13: INFO: ISAKMP-SA established ###.###.###.###[500]-###.###.###.###[500] spi:312c6b7d5df62730:6b4e551576503ae8
    2007-03-29 13:14:14: INFO: respond new phase 2 negotiation: ###.###.###.###[0]<=>###.###.###.###[0]
    2007-03-29 13:14:14: ERROR: pfs group mismatched: my:2 peer:0
    2007-03-29 13:14:14: ERROR: not matched
    2007-03-29 13:14:14: ERROR: no suitable policy found.
    2007-03-29 13:14:14: ERROR: failed to pre-process packet.

    This seems to be saying that my DH group is 2 in racoon and 0 on the remote machine. However I have the DH/PFS group set to 2 everywhere. Possible miscommunication?

  2. #2
    Just Joined!
    Join Date
    Jan 2007
    Posts
    8
    I figured it out. I wasn't using pfs on the connecting host. I simply erased the 'pfs 2' line out of the config file and it worked. Hopefully this post will help someone in the future.
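
An added example, not part of the original thread: a small Python triage script that picks the `pfs group mismatched` error out of a racoon log and reports what each side asked for. It assumes the log line format shown in post #1; the function names and the `DH_GROUPS` table are this example's own.

```python
import re

# Sample input: phase 2 lines copied from the log in the first post
# (addresses are masked with '#' there as well).
SAMPLE_LOG = """\
2007-03-29 13:14:14: INFO: respond new phase 2 negotiation: ###.###.###.###[0]<=>###.###.###.###[0]
2007-03-29 13:14:14: ERROR: pfs group mismatched: my:2 peer:0
2007-03-29 13:14:14: ERROR: not matched
2007-03-29 13:14:14: ERROR: no suitable policy found.
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): (.*)$")
PHASE2_RE = re.compile(r"(?:respond|initiate) new phase 2 negotiation")
PFS_RE = re.compile(r"pfs group mismatched: my:(\d+) peer:(\d+)")
# IKE Diffie-Hellman group numbers and their MODP sizes.
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}


def describe(group):
    """Group 0 in this message means no PFS group was proposed at all."""
    if group == 0:
        return "no PFS"
    return f"group {group} ({DH_GROUPS.get(group, 'unknown')})"


def find_pfs_mismatches(log_text):
    """Return one finding per 'pfs group mismatched' error in a racoon log."""
    findings, phase2_at = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, level, msg = m.groups()
        if PHASE2_RE.search(msg):
            phase2_at = ts  # remember which negotiation the error belongs to
        pfs = PFS_RE.search(msg)
        if level == "ERROR" and pfs:
            mine, peer = int(pfs.group(1)), int(pfs.group(2))
            findings.append({
                "phase2_at": phase2_at, "error_at": ts,
                "local": mine, "peer": peer,
                "summary": f"local wants {describe(mine)}, peer offered {describe(peer)}",
                # True when only one side has PFS switched on, as in this thread.
                "one_side_without_pfs": (mine == 0) != (peer == 0),
            })
    return findings


if __name__ == "__main__":
    for f in find_pfs_mismatches(SAMPLE_LOG):
        print(f["error_at"], f["summary"])
```

When `one_side_without_pfs` is true, the two ends can be brought into agreement either by removing PFS locally, as in post #2, or by enabling the same group on the peer. The second option keeps a fresh Diffie-Hellman exchange for each phase 2 rekey.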
