-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 6 Jun 2002, Norm Dressler wrote:
> Jun 5 21:12:20 firewall Pluto[290]: "PGPClients" #176: responding to
> Quick Mode
> Jun 5 21:12:20 firewall Pluto[290]: "PGPClients" #176: ERROR: PF_KEY
> SADB_X_ADDFLOW response for flow tun.102a_at_24.150.250.x included errno
> 250: Unknown error 250
> Jun 5 21:13:30 firewall Pluto[290]: "PGPClients" #176: max number of
> retransmissions (2) reached STATE_QUICK_R1
> Jun 5 21:13:30 firewall Pluto[290]: "PGPClients" #176: ERROR: PF_KEY
> SADB_DELETE response for Delete SA esp.2e2f0906_at_204.187.140.x included
> errno 3: No such process
I've snipped out some of the other error messages so that this might be
clearer. PF_KEY SADB_X_ADDFLOW is a hack to pfkeyv2, to allow it to add
eroutes. Essentially, FreeS/WAN has been asked to add an eroute to a
destination, but it is failing.
Why? My guess is perhaps a tunnel to that destination may already exist, and
hasn't expired. Perhaps these Win98 customers are timing out, and then
trying to reconnect, but FreeS/WAN isn't allowing them to renegotiate a
connection (because it already thinks on is in place to this destination).
That's my theory, at least. Check the output of "ipsec auto --status" to
see if this is true. If you deleted those routes, those users should be
able to connect. Try that, and then let us know if that turns out to be
the failure.
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPP+u+UOSC4btEQUtAQF2GwQAhHDfDXLVHNJsVNoKzOK7icGabcVVzYQS
ZX/UJwYIWx3zMJjEmrVcjqyJrQFJhVKGi6VbHlf14OATZSsMssQSq/Ur9spj9L6/
ZWFJZRorGKqESPBgM03dbUgbeDQ1XENCYyqGyXRp1f58fRM/9Cts4u++2d+8R1RI
Hndx1QUV24E=
=pAhs
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST