racoon and usbnet nic = no IPSEC

["Konstantin V. Gavrilenko" <mlists@arhont.com>]

Hi guys,

just thought I'd share my experience of last several days.

Had to change the external nic on the gateway box from standard pci device, to a 
usb nic. turned the machine on, everything goes as planned, but no ipsec tunnels 
go up.


Spent couple of days solving the f*^&king problem, tried different kernels 
(2.6.9-2.6.11) and ipsec-tools versions, thought I was going mental.

Only to to find out that my USB Netgear FA-120 would not "work with ipsec".


for some reason, kernel can no create SAs.
Even if you set the tunnels manually, it is still a no go.


The logs are full of:

2005-03-07 15:17:20: ERROR: phase2 negotiation failed due to time up waiting for 
phase1. ESP xxx.xxx.xxx.bbb->xxx.xxx.xxx.aaa
2005-03-07 15:17:20: INFO: delete phase 2 handler.
2005-03-07 15:17:24: ERROR: can't start the quick mode, there is no valid 
ISAKMP-SA, 530bc0362f36f1ed:9673792c0daa890f



Anyone has any suggestions of why this was happening?

I can post more info if developers are interested.


-- 
Respectfully,
Konstantin V. Gavrilenko

Arhont Ltd - Information Security

web:    http://www.arhont.com
	http://www.wi-foo.com
e-mail: k.gavrilenko@arhont.com

tel: +44 (0) 870 44 31337
fax: +44 (0) 117 969 0141

PGP: Key ID - 0x4F3608F7
PGP: Server - keyserver.pgp.com