[Users] SuperFreeS/WAN 1.99_kb3 w/ NAT-T: pfkey write() invalid argument

From: Charles Duffy (cduffy_at_spamcop.net)
Date: Wed Dec 25 2002 - 02:07:59 CET


The network:
  Client:
    Private IP 192.168.145.
    Behind a NAT box (192.168.1.1) which forwards UDP port 500 to client.
  Server:
    eth0: Public IP <not given>.
    eth1: 192.168.2.22. (on 192.168.2.0/24 subnet). Several other subnets also
          exist which we wish the client to at some point access (i.e.
          192.168.4.0/24).

Authentication is done using X.509 certificates.

The following messages show up on the client (initiator):

Dec 24 17:56:31 localhost pluto[16200]: "ccd.vpn.isgenesis.com" #80: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS to replace #79
Dec 24 17:56:31 localhost pluto[16200]: ERROR: "ccd.vpn.isgenesis.com" #80: pfkey write() of SADB_ADD message 156 for Add ESP SA esp.9f0baa80@192.168.1.145 failed. Errno 22: Invalid argument
Dec 24 17:56:41 localhost pluto[16200]: ERROR: "ccd.vpn.isgenesis.com" #80: pfkey write() of SADB_ADD message 157 for Add ESP SA esp.9f0baa80@192.168.1.145 failed. Errno 22: Invalid argument
Dec 24 17:56:46 localhost pluto[16200]: "ccd.vpn.isgenesis.com": terminating SAs using this connection
Dec 24 17:56:46 localhost pluto[16200]: "ccd.vpn.isgenesis.com" #80: deleting state (STATE_QUICK_I1)

I'm really at a loss with regard to how to go about debugging this one; any
available hints will be greatly appreciated.

While the full contents of "ipsec barf" are much, much too long to include here,
I'll gladly make them available upon request.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users




