From: Stephen J. Bevan (stephen_at_dino.dnsalias.com)
Date: Wed Dec 25 2002 - 05:40:07 CET
Charles Duffy writes:
> Dec 24 17:56:31 localhost pluto[16200]: "ccd.vpn.isgenesis.com" #80: initiating
> Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS to replace #79
> Dec 24 17:56:31 localhost pluto[16200]: ERROR: "ccd.vpn.isgenesis.com" #80:
> pfkey write() of SADB_ADD message 156 for Add ESP SA esp.9f0baa80_at_192.168.1.145
> failed. Errno 22: Invalid argument
[snip]
> I'm really at a loss with regard to how to go about debugging this one; any
> available hints will be greatly appreciated.
Super FreeS/WAN 1.99_kb3 is the first version to contain NAT-T and my
selectors patch (buried inside the X.509 0.9.17 patch). You are the
first person to report attempting to NAT-T with selector support.
With that in mind I've seen "SADB_ADD invalid argument" a few times
during development when I managed to get the user-level and
kernel-level out of sync. so that pluto was built with one version of
lib and klips was built with another. That would be possible if you
installed _kb3 over an earlier version and you didn't cleanly install
both the user and kernel parts. If both the user-level and kernel are
reporting _kb3 then that can probably be ruled out. In that case, any
chance you could try out your scenario with an older version of Super
FreeS/WAN say, 1.99_kb2 or 1.99_kb1? If your scenario works with
either of those then it would definitely point the finger at a bad
NAT-T and selectors interaction. If your scenario still fails with
_kb[12] then I'm off the hook :-)
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Thu Dec 26 2002 - 05:21:13 CET