From: Ken Bantoft (ken_at_freeswan.ca)
Date: Wed Dec 25 2002 - 07:47:49 CET
As it says in the README.SUPERFS - NAT-T with the port selectors is
untested, so I'm not totally surprised. I've also not officially announced
_kb3 for similar reasons... it's there, but I can only say "works for me"
in my limited testing (which doesn't include NAT-T).

I'd check whack/pluto binaries for sure... and when I get a chance I'll
dig a bit deeper into the code, but my currently semi-fogged holiday mind
doesn't see anything that jumps out.

If pluto/whack are good, then revert to _kb2 and see if it goes away...

On Tue, 24 Dec 2002, Stephen J. Bevan wrote:
> Charles Duffy writes:
> > Dec 24 17:56:31 localhost pluto[16200]: "ccd.vpn.isgenesis.com" #80: initiating
> > Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS to replace #79
> > Dec 24 17:56:31 localhost pluto[16200]: ERROR: "ccd.vpn.isgenesis.com" #80:
> > pfkey write() of SADB_ADD message 156 for Add ESP SA esp.9f0baa80_at_192.168.1.145
> > failed. Errno 22: Invalid argument
> [snip]
> > I'm really at a loss with regard to how to go about debugging this one; any
> > available hints will be greatly appreciated.
>
> Super FreeS/WAN 1.99_kb3 is the first version to contain NAT-T and my
> selectors patch (buried inside the X.509 0.9.17 patch). You are the
> first person to report attempting to NAT-T with selector support.
> With that in mind I've seen "SADB_ADD invalid argument" a few times
> during development when I managed to get the user-level and
> kernel-level out of sync, so that pluto was built with one version of
> lib and klips was built with another. That would be possible if you
> installed _kb3 over an earlier version and you didn't cleanly install
> both the user and kernel parts. If both the user-level and kernel are
> reporting _kb3 then that can probably be ruled out. In that case, any
> chance you could try out your scenario with an older version of Super
> FreeS/WAN say, 1.99_kb2 or 1.99_kb1? If your scenario works with
> either of those then it would definitely point the finger at a bad
> NAT-T and selectors interaction. If your scenario still fails with
> _kb[12] then I'm off the hook :-)
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
- --
Ken Bantoft The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt
This archive was generated by hypermail 2.1.5 : Thu Dec 26 2002 - 05:21:13 CET
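
The two checks suggested in this thread (do the userland and kernel parts report the same version, and if so does the failure go away on an older release), sketched as an added Python example that is not part of the original messages or of FreeS/WAN. The log lines are constructed in the shape of the quoted pluto output, and the version banner formats and verdict names are assumptions.

```python
import errno
import re

# Constructed sample in the shape of the pluto messages quoted in the thread
# (wrapped syslog lines already joined; names and addresses are made up).
SAMPLE_LOG = (
    'Dec 24 17:56:31 gw pluto[16200]: "example-conn" #80: initiating Quick Mode '
    'RSASIG+ENCRYPT+TUNNEL+PFS to replace #79\n'
    'Dec 24 17:56:31 gw pluto[16200]: ERROR: "example-conn" #80: pfkey write() of '
    'SADB_ADD message 156 for Add ESP SA esp.0badcafe@192.0.2.10 failed. '
    'Errno 22: Invalid argument\n'
)

PFKEY_FAIL = re.compile(
    r'ERROR: "(?P<conn>[^"]+)" #(?P<state>\d+): pfkey write\(\) of '
    r'(?P<msg>SADB_\w+) message (?P<seq>\d+) for (?P<what>.+?) failed\. '
    r'Errno (?P<errno>\d+): (?P<text>.+)$'
)
# Assumed banner shape: a dotted version, optionally followed by a _kbN suffix.
VERSION_TAG = re.compile(r'\d+\.\d+(?:\.\d+)?(?:_kb\d+)?')

def pfkey_failures(log):
    """Return one dict per failed pfkey write found in the log text."""
    hits = [m.groupdict() for m in map(PFKEY_FAIL.search, log.splitlines()) if m]
    for hit in hits:
        hit["errno"] = int(hit["errno"])
    return hits

def version_tag(banner):
    """Pull a tag such as '1.99_kb3' out of a version banner, or None."""
    m = VERSION_TAG.search(banner)
    return m.group(0) if m else None

def diagnose(log, userland_banner, kernel_banner):
    """Apply the thread's two checks to every EINVAL returned for SADB_ADD."""
    user, kern = version_tag(userland_banner), version_tag(kernel_banner)
    findings = []
    for f in pfkey_failures(log):
        if f["msg"] != "SADB_ADD" or f["errno"] != errno.EINVAL:
            continue
        if user is None or kern is None:
            verdict = "version-unknown"
        elif user != kern:
            verdict = "userland-kernel-mismatch"  # reinstall both parts cleanly
        else:
            verdict = "versions-match-try-older"  # retest on _kb2 or _kb1
        findings.append((f["conn"], f["what"], user, kern, verdict))
    return findings
```
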