|Summary:||security/racoon2: ipsec-tools racoon send error on some configuration|
|Product:||Ports & Packages||Reporter:||evd_sas|
|Component:||Individual Port(s)||Assignee:||Tobias Kortkamp <tobik>|
|Status:||Closed Feedback Timeout|
|Severity:||Affects Only Me||CC:||cy|
Description evd_sas 2016-08-10 08:58:33 UTC
Created attachment 173491 [details] racoon cant establish connection (cant sent packets) in some configurations Good day. I need encript some UDP-traffic. On previos releases (8.x, 9.x) I use this construction for setkey: spdadd 184.108.40.206 220.127.116.11 udp -P out ipsec esp/transport//require; But on version ipsec-tools-0.8.2_1, FreeBSD 10.3-RELEASE-p6 (and 10.1p9 ipsec-tools-0.8.2_1) this construction result racoon to: 2016-08-10 11:34:01: ERROR: phase1 negotiation failed due to send error. 192ac12870be2762:0000000000000000 , and by tcpdump I not see any packets from host. On the other hand, with construct spdadd 18.104.22.168 22.214.171.124 udp -P out ipsec esp/transport//require; (without specifying the port) it work fine. Attachment: Variant1 - without specifing the port Variant2 - specifing the port (in this example, port 123)
Comment 1 Tobias Kortkamp 2019-01-10 13:52:23 UTC
The bug is ~2.5 years old. No maintainer feedback so far. racoon2 has been updated in ports r487939 to a new maintained version that apparently fixes many issues. Is this still a problem?
Comment 2 Cy Schubert 2019-01-26 18:35:58 UTC
This now refers to racoon2-legacy which btw only works with the deprecated openssl. The racoon2 fork, maintained by a NetBSD committer, has fixed a lot of issues. Closure is probably the right thing to do.