Bug 211719 - security/racoon2: ipsec-tools racoon send error on some configuration
Summary: security/racoon2: ipsec-tools racoon send error on some configuration
Status: Closed Feedback Timeout
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Tobias Kortkamp
Reported: 2016-08-10 08:58 UTC by evd_sas
Modified: 2019-01-26 18:35 UTC

Attachments
racoon cant establish connection (cant sent packets) in some configurations (11.45 KB, application/download)
2016-08-10 08:58 UTC, evd_sas

Description evd_sas 2016-08-10 08:58:33 UTC
Created attachment 173491
racoon cant establish connection (cant sent packets) in some configurations

Good day.
I need to encrypt some UDP traffic. On previous releases (8.x, 9.x) I used this construction for setkey:
spdadd 89.221.63.26[123]            89.221.63.7[123]     udp -P out  ipsec esp/transport//require;
But on version ipsec-tools-0.8.2_1, FreeBSD 10.3-RELEASE-p6 (and 10.1p9 ipsec-tools-0.8.2_1) this construction causes racoon to report:
2016-08-10 11:34:01: ERROR: phase1 negotiation failed due to send error. 192ac12870be2762:0000000000000000
, and with tcpdump I do not see any packets from the host.

On the other hand, with the construct
spdadd 89.221.63.26            89.221.63.7     udp -P out  ipsec esp/transport//require;
(without specifying the port) it works fine.

Attachment: 
Variant1 - without specifying the port
Variant2 - specifying the port (in this example, port 123)
Comment 1 Tobias Kortkamp freebsd_committer 2019-01-10 13:52:23 UTC
The bug is ~2.5 years old.  No maintainer feedback so far.

racoon2 has been updated in ports r487939 to a new maintained version that
apparently fixes many issues.  Is this still a problem?
Comment 2 Cy Schubert freebsd_committer 2019-01-26 18:35:58 UTC
This now refers to racoon2-legacy which btw only works with the deprecated openssl. The racoon2 fork, maintained by a NetBSD committer, has fixed a lot of issues.

Closure is probably the right thing to do.