Re: [Users] SPI problem between LinkSys VPN & FreeS/WAN ...

From: Garry Glendown (garry_at_regio.net)
Date: Tue Aug 06 2002 - 09:34:18 CEST

Ken Bantoft wrote:
>
> I made this work last week... here's my settings:
> [..]

Hm ... all options changed to what you propose - still no go ... same
result - for some strange reason, klips deletes the SPI/SA entry for the
incoming data, and any further data is dropped due to unknown SPI ...

Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_tunnel_start_xmit: After
recursive xforms -- head,tailroom: 64,16
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_tunnel_start_xmit: With
hard_header, final head,tailroom: 50,16
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_tunnel_start_xmit:
...done, calling ip_send() on device:eth0
Aug 6 09:24:12 vpn kernel: klips_debug: IP: ihl:20 ver:4 tos:0
tlen:160 id:18047 frag_off:0 ttl:64 proto:50 chk:42091
saddr:212.218.64.35 daddr:217.226.160.97
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_rcv: assigning packet
ownership to virtual device ipsec0 from physical device eth0.
Aug 6 09:24:12 vpn kernel: klips_debug: IP: ihl:20 ver:4 tos:0
tlen:160 id:7 frag_off:0 ttl:26 proto:50 chk:4324 saddr:217.226.160.97
daddr:212.218.64.35
Aug 6 09:24:12 vpn kernel: klips_debug:gettdb: linked entry in tdb
table for hash=244 of SA:esp0xf4479d9f_at_212.218.64.35 requested.
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_rcv:
SA:esp0xf4479d9f_at_212.218.64.35, src=217.226.160.97 of pkt agrees with
expected SA source address policy.
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_rcv:
SA:esp0xf4479d9f_at_212.218.64.35 First SA in group.
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_rcv:
SA:esp0xf4479d9f_at_212.218.64.35 No previous backlink in group.
Aug 6 09:24:12 vpn kernel: klips_debug:ipsec_rcv: packet from
217.226.160.97 received with seq=0 (iv)=0xf8a6d535bfd188a9 iplen=160
esplen=128 sa=esp0xf4479d9f_at_212.218.64.35
Aug 6 09:24:12 vpn kernel: klips_debug:deltdbchain: passed
SA:esp0xf4479d9f_at_212.218.64.35
Aug 6 09:24:12 vpn kernel: klips_debug:deltdbchain: unlinking and
delting SA:esp0xf4479d9f_at_212.218.64.35<6>, inext=tun0x1003_at_212.218.64.35<6>.
Aug 6 09:24:12 vpn kernel: klips_debug:deltdb: deleting
SA:esp0xf4479d9f_at_212.218.64.35, hashval=244.
Aug 6 09:24:12 vpn kernel: klips_debug:deltdb: successfully deleted
first tdb in chain.
Aug 6 09:24:12 vpn kernel: klips_debug:deltdbchain: unlinking and
delting SA:tun0x1003_at_212.218.64.35<6>.
Aug 6 09:24:12 vpn kernel: klips_debug:deltdb: deleting
SA:tun0x1003_at_212.218.64.35, hashval=40.
Aug 6 09:24:12 vpn kernel: klips_debug:deltdb: successfully deleted
first tdb in chain.

What version of FreeS/WAN and the LinkSys are you running? 1.91 and
1.40.2 here ...

Ideas anybody?

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.4 : Tue Aug 06 2002 - 12:19:36 CEST