Snort up and vanished …

  • Updated tonight from last release of RC2 to 2.0-RC3 (i386) built on Mon Jul 4 09:48:55 EDT 2011.

    Snort has up and disappeared, not in installed application list, nor available application list. I cleaned out the config.xml thinking that would at least provoke the package to re-appear in available packages but it  hasn't.

    I updated because I am seeing these errors in IPSEC

    Jul 5 00:53:56 racoon: [Peer 1 SES Boxes]: [] ERROR: phase1 negotiation failed.
    Jul 5 00:53:56 racoon: [Peer 1 SES Boxes]: [
    ] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Jul 5 00:53:56 racoon: [Peer 1 SES Boxes]: [**] ERROR: failed to get valid proposal.
    Jul 5 00:53:56 racoon: ERROR: no suitable proposal found.
    Jul 5 00:53:56 racoon: INFO: received Vendor ID: DPD
    Jul 5 00:53:56 racoon: INFO: begin Identity Protection mode.
    Jul 5 00:53:56 racoon: [Peer 1 SES Boxes]: INFO: respond new phase 1 negotiation: [500]<=>[500]

    the connection WORKS !!!! it is usable I can RDP into the foreign system and there are no connections available to it without using the VPN, I have an identical connection to a gateway one IP higher and it isn't reporting any error, I repeat the connection is fine, this error is spurious and incorrect and is repeating itself constantly every 4 seconds even though nothing on my LAN is trying to access the remote system (dead peer detection is disabled). This is the SECOND IPSEC to be defined and the lowest in the GUI display, the first in the list reports no errors. If I disable IPSEC I can't access the remote systems so something is messed up here.

    Questions : 1 Where has Snort gone and 2 what is wrong with IPSEC ?

  • Already posted; here's the answer to snort.,38375.0.html :)

    don't know the other answer.

  • Thanks - I did do a search but never found that.

    The IPSEC issue remains and is a mystery …