tech-crypto: Problem with isakmpd and Windows 2000

Subject: Problem with isakmpd and Windows 2000
To: None <tech-crypto@netbsd.org>
From: Matt Hempel <matt@epana.com>
List: tech-crypto
Date: 07/09/2001 13:19:25
I've been looking for alternatives to racoon for IKE on netbsd.  isakmpd 
was one option, but it (build isakmpd-20010403) bombs with anguish when 
trying to connect to Win2K via IPSEC:

bash-2.05# isakmpd -d
130734.432125 Default pf_key_v2_flow: SPDDELETE: Invalid argument
isakmpd in free(): warning: junk pointer, too high to make sense.
130735.373160 Default pf_key_v2_flow: SPDDELETE: Invalid argument
isakmpd in free(): warning: junk pointer, too high to make sense.
130737.373135 Default pf_key_v2_flow: SPDDELETE: Invalid argument
isakmpd in free(): warning: junk pointer, too high to make sense.
130741.376222 Default pf_key_v2_flow: SPDDELETE: Invalid argument
isakmpd in free(): warning: junk pointer, too high to make sense.
130749.382796 Default pf_key_v2_flow: SPDDELETE: Invalid argument
isakmpd in free(): warning: junk pointer, too high to make sense.

as these errors were presented, the box spewed packets to the Win2K box in 
rapid succession:

13:08:07.425812 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.426245 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.426677 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.427108 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.427538 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.427967 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.428405 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.428834 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.429267 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.429695 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]
13:08:07.430154 damascus.bogus.com.isakmp > winbloze.bogus.com.isakmp: 
isakmp: phase 1 ? ident[E]: [|id]

Anybody have success with isakmpd?  Is there a more stable version I should 
seek?  I found only scarce docs around.

--matt