IPsec & Racoon problems

SatelliteX · #1 7th January 2007, 02:58 AM

I am trying to set up IPSEC NET2NET on FC6 with one of the machines behind a NAT firewall. I followed the insturctions for NAT-T but keep on getting LIBIPSEC error.
Does anyone know how to overcome this?

Jan 6 15:07:45 scout racoon: INFO: IPsec-SA expired: AH/Tunnel XXX.XXX.XXX.XXX[0]->192.168.1.90[0] spi=66267301(0x3f328a5)
Jan 6 15:07:45 scout racoon: INFO: IPsec-SA expired: ESP/Tunnel XXX.XXX.XXX.XXX[0]->192.168.1.90[0] spi=208885747(0xc7357f3)
Jan 6 15:07:47 scout racoon: INFO: initiate new phase 2 negotiation: 192.168.1.90[4500]<=>XXX.XXX.XXX.XXX[4500]
Jan 6 15:07:47 scout racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Jan 6 15:07:47 scout racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Jan 6 15:07:47 scout racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
Jan 6 15:07:47 scout racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
Jan 6 15:07:47 scout racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
Jan 6 15:07:47 scout racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
Jan 6 15:07:47 scout racoon: ERROR: libipsec failed send update_nat (No algorithm specified)
Jan 6 15:07:47 scout racoon: ERROR: pfkey update failed.
Jan 6 15:07:47 scout racoon: ERROR: failed to process packet.
Jan 6 15:07:47 scout racoon: ERROR: phase2 negotiation failed

ekimd · #2 9th December 2007, 06:46 PM

Did you ever find a solution to this?

SatelliteX · #3 10th December 2007, 12:53 AM

Nope, no solution yet.

ekimd · #4 12th January 2008, 08:14 PM

I got around this by making my ipsec box my NAT box too.