Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

To: ipsec-tools-devel%lists.sourceforge.net@localhost
Subject: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
From: VANHULLEBUS Yvan <vanhu%free.fr@localhost>
Date: Mon, 27 Oct 2008 09:50:06 +0100

On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:
> Hi,

Hi.

> before I unpack digging equipment:
> 
> is it old news that racoon and a kernel with NAT-T [1] will result in a
> failure to do IPSEC because the pfkey update about NAT-T fails in phase 2
> and racoon decides to fail the entire connection?

As asked by other people, what are the exact versions of racoon and
NetBSD you're running ?
If you're running NetBSD-current and racoon-HEAD (which is probably
the shipped version with NetBSD-current), yes, it may be a well known
problem in PFKey interface, I started to clean it but it will need
more works on both kernel and userland.

> And also that you may get 'racoon: stack overflow detected; terminated'
> when using racoon -F -d and IPv6 at the same time? The latter is
> restricted to the debug mode, just racoon -F doesn't go splat.

Definitely looks like a bug :-)

Can you provide us more informations about that (a backtrace, some
more logs, etc...) ?

Yvan.

Follow-Ups:
- Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
  - From: S.P.Zeidler
- Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
  - From: S.P.Zeidler

References:
- racoon+NAT-T and racoon+debug+IPv6 not so happy?
  - From: S.P.Zeidler

Prev by Date: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Next by Date: build failure - nfs_boot
Previous by Thread: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Next by Thread: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Indexes:

Home | Main Index | Thread Index | Old Index