Bug 211719

Summary: security/racoon2: ipsec-tools racoon send error on some configuration
Product: Ports & Packages Reporter: evd_sas
Component: Individual Port(s)Assignee: Tobias Kortkamp <tobik>
Status: Closed Feedback Timeout    
Severity: Affects Only Me CC: cy
Priority: ---    
Version: Latest   
Hardware: amd64   
OS: Any   
Description Flags
racoon cant establish connection (cant sent packets) in some configurations none

Description evd_sas 2016-08-10 08:58:33 UTC
Created attachment 173491 [details]
racoon cant establish connection (cant sent packets) in some configurations

Good day. 
I need encript some UDP-traffic. On previos releases (8.x, 9.x) I use this construction for setkey:
spdadd[123]  [123]     udp -P out  ipsec esp/transport//require;
But on version ipsec-tools-0.8.2_1, FreeBSD 10.3-RELEASE-p6 (and 10.1p9 ipsec-tools-0.8.2_1) this construction result racoon to:
2016-08-10 11:34:01: ERROR: phase1 negotiation failed due to send error. 192ac12870be2762:0000000000000000
, and by tcpdump I not see any packets from host.

On the other hand, with construct 
spdadd       udp -P out  ipsec esp/transport//require;
(without specifying the port) it work fine.

Variant1 - without specifing the port
Variant2 - specifing the port (in this example, port 123)
Comment 1 Tobias Kortkamp freebsd_committer 2019-01-10 13:52:23 UTC
The bug is ~2.5 years old.  No maintainer feedback so far.

racoon2 has been updated in ports r487939 to a new maintained version that
apparently fixes many issues.  Is this still a problem?
Comment 2 Cy Schubert freebsd_committer 2019-01-26 18:35:58 UTC
This now refers to racoon2-legacy which btw only works with the deprecated openssl. The racoon2 fork, maintained by a NetBSD committer, has fixed a lot of issues.

Closure is probably the right thing to do.