No inbound SAD entry present in Racoon ipsec

Durga@84 · 08-21-2019, 04:42 AM

Hi,

I am testing the racoon ipsec between two ubuntu machines. SPD is populated correctly, but In SAD, only outbound entry present, there is no inbound entry.

This is my ipsec-tools.conf file in one of my machines

## Flush the SAD and SPD
#
flush;
spdflush;

spdadd -6 2012::1 2012::2 any -P out ipsec
esp/transport//require;

spdadd -6 2012::2 2012::1 any -P in ipsec
esp/transport//require;

-------------------------------------------------
This is my racoon.conf file:
=============================
log notify;
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

remote 2012::2 {
exchange_mode main;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
generate_policy off;
}

sainfo address 2012::1 any address 2012::2 any {
pfs_group modp768;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate

This is my preshared key file and I changed this file mode to 600
/etc/racoon/psk.txt

# IPv4/v6 addresses
2012::2 verysecret

While checking in SAD entries by using command setkey -D
only outbound entry found, no inbound entry.

Please help me to narrow the issue.

Thanks,
Durga K

OliverS · 09-06-2019, 12:32 PM

Quote:

Originally Posted by Durga@84

Hi,

I am testing the racoon ipsec between two ubuntu machines. SPD is populated correctly, but In SAD, only outbound entry present, there is no inbound entry.

This is my ipsec-tools.conf file in one of my machines

## Flush the SAD and SPD
#
flush;
spdflush;

spdadd -6 2012::1 2012::2 any -P out ipsec
esp/transport//require;

spdadd -6 2012::2 2012::1 any -P in ipsec
esp/transport//require;

-------------------------------------------------
This is my racoon.conf file:
=============================
log notify; usps tracking
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

remote 2012::2 {
exchange_mode main;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
generate_policy off;
}

sainfo address 2012::1 any address 2012::2 any {
pfs_group modp768;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate

This is my preshared key file and I changed this file mode to 600
/etc/racoon/psk.txt

# IPv4/v6 addresses
2012::2 verysecret

While checking in SAD entries by using command setkey -D
only outbound entry found, no inbound entry.

Please help me to narrow the issue.

Thanks,
Durga K

I am also facing the same issue here too. Help is appreciated.

Thanks in advance.
Regards,
Oliver

Durga@84 · 09-06-2019, 10:05 PM

Hi Oliver,

I did one configuration mistake. After removing that configuration, tunnel got established.

Please paste your configurations(both sid e onfigurations). I will check.

Regards,
Durga K