Ralf Spenneberg [Mon, Sep 01, 2003 at 10:06:05AM +0200]:
> > Actually not, I am not getting the cvs source compiled.
> > Can you send me isakmpd compiled, gzipped via mail?
> Here you are. Version 20030812 (not containing AES in Phase 1) compiled
> against -test4
> I have compiled but not yet tested the Version 20030901 (containing AES
> in Phase 1) too. Tell me, if you want me to send it too.
> Please tell me if you are successful.
yes.no.
I don't know.
with sv-linux-vpn:~# ./isakmpd -d
and bruehe:~# ./isakmpd -d
there are no error messages.
With -DA=50 it looks fine,too.
with -DA=99 I get errors on one host:
123637.381945 Misc 95 conf_get_str: configuration value not found [QM-ESP-TRP-DES-SHA2-256-PFS-GRP1-XF]:AUTHENTICATION_ALGORITHM
123637.381990 Misc 95 conf_set: [QM-ESP-TRP-DES-SHA2-256-PFS-GRP1-XF]:AUTHENTICATION_ALGORITHM->HMAC_SHA2_256
123637.382033 Misc 95 conf_get_str: configuration value not found [QM-ESP-TRP-DES-SHA2-256-PFS-GRP1-XF]:GROUP_DESCRIPTION
123637.382076 Misc 95 conf_set: [QM-ESP-TRP-DES-SHA2-256-PFS-GRP1-XF]:GROUP_DESCRIPTION->MODP_768
123637.382119 Misc 95 conf_get_str: configuration value not found [QM-ESP-TRP-DES-SHA2-256-PFS-GRP1-XF]:Life
123637.382161 Misc 95 conf_set: [QM-ESP-TRP-DES-SHA2-256-PFS-GRP1-XF]:Life->LIFE_QUICK_MODE
This repeats some times..
I am currently not clear with one point: does isakmpd add the routes
or an extra device?
After starting both daemons with -DA=99, the last messages are:
sv-linux-vpn:
123849.642555 Sdep 80 pf_key_v2_read: msg:
123849.642569 Sdep 80 020e1100 02000000 07000000 f1060000
123849.642580 Sdep 50 pf_key_v2_flow: SPDADD returns EEXIST
123849.642588 Sdep 50 pf_key_v2_flow: SPDADD: done
123849.642597 SA 90 sa_find: no SA matched query
123849.642608 SA 80 sa_release: SA 0x82af1b8 had 4 references
123849.642620 Trpt 95 transport_release: transport 0x82a7fc0 had 3 references
123849.642630 Trpt 95 transport_release: transport 0x82a78c8 had 3 references
123849.642639 Trpt 95 transport_release: transport 0x82a8388 had 2 references
123849.642647 Trpt 95 transport_release: transport 0x82a86d8 had 2 references
123849.642656 Trpt 95 transport_release: transport 0x82a8ae0 had 2 references
bruehe:
123851.290144 Trpt 95 transport_release: transport 0x82afbe0 had 1 references
123851.290173 Trpt 70 transport_release: freeing 0x82afbe0
123851.290203 SA 80 sa_release: SA 0x82ae7d0 had 6 references
123851.290251 Trpt 95 transport_reference: transport 0x82ac598 now has 2 references
123851.290286 Trpt 95 transport_reference: transport 0x82ab5f8 now has 3 references
123851.290318 Trpt 95 transport_reference: transport 0x82a80e8 now has 2 references
123851.290350 Trpt 95 transport_reference: transport 0x82a84b0 now has 2 references
123851.290382 Trpt 95 transport_reference: transport 0x82a8800 now has 2 references
123851.290414 Trpt 95 transport_reference: transport 0x82a8c08 now has 2 references
123851.290464 Trpt 95 transport_release: transport 0x82ac598 had 2 references
123851.290495 Trpt 95 transport_release: transport 0x82ab5f8 had 3 references
123851.294231 Trpt 95 transport_release: transport 0x82a80e8 had 2 references
123851.294273 Trpt 95 transport_release: transport 0x82a84b0 had 2 references
123851.294304 Trpt 95 transport_release: transport 0x82a8800 had 2 references
123851.294333 Trpt 95 transport_release: transport 0x82a8c08 had 2 references
but no routing is there and pings do not work:
sv-linux-vpn:~# ping 192.168.23.1
PING 192.168.23.1 (192.168.23.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
bruehe:~# ping 10.0.1.18
PING 10.0.1.18 (10.0.1.18) 56(84) bytes of data.
then I get
From 195.62.99.49 icmp_seq=31 Packet filtered
this sometime..
Anyone any idea?
Nico
--
quote: there are two time a day you should do nothing: before 12 and after 12
(Nico Schottelius after writin' a very senseless email)
cmd: echo God bless America | sed 's/.*\(A.*\)$/Why \1?/'
pgp: new id: 0x8D0E27A4 | ftp.schottelius.org/pub/familiy/nico/pgp-key.new
url: http://nerd-hosting.net - domains for nerds (from a nerd)
Attachment:
pgp00095.pgp
Description: PGP signature
