Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:
> Hi,


> before I unpack digging equipment:
> is it old news that racoon and a kernel with NAT-T [1] will result in a
> failure to do IPSEC because the pfkey update about NAT-T fails in phase 2
> and racoon decides to fail the entire connection?

As asked by other people, what are the exact versions of racoon and
NetBSD you're running ?
If you're running NetBSD-current and racoon-HEAD (which is probably
the shipped version with NetBSD-current), yes, it may be a well known
problem in PFKey interface, I started to clean it but it will need
more works on both kernel and userland.

> And also that you may get 'racoon: stack overflow detected; terminated'
> when using racoon -F -d and IPv6 at the same time? The latter is
> restricted to the debug mode, just racoon -F doesn't go splat.

Definitely looks like a bug :-)

Can you provide us more informations about that (a backtrace, some
more logs, etc...) ?


Home | Main Index | Thread Index | Old Index