tech-net archive


Re: IPsec vs ssh



Darren Reed <darrenr%netbsd.org@localhost> writes:

> /tmp/rac.log.2:DEBUG: pfkey GETSPI sent: ESP/Tunnel
> 141.161.4.77[4500]->10.1.3.254[4500]
> /tmp/rac.log.2:DEBUG: pfkey getspi sent.
> /tmp/rac.log.2:DEBUG: got pfkey GETSPI message
> /tmp/rac.log.2:DEBUG: pfkey GETSPI succeeded: ESP/Tunnel
> 141.161.4.77[500]->10.1.3.254[500] spi=70491361(0x4339ce1)
> /tmp/rac.log.2:DEBUG: call pfkey_send_update2
> /tmp/rac.log.2:DEBUG: pfkey update sent.
> /tmp/rac.log.2:DEBUG: call pfkey_send_add2 (NAT flavor)
> /tmp/rac.log.2:DEBUG: call pfkey_send_add2
> /tmp/rac.log.2:DEBUG: pfkey add sent.
> /tmp/rac.log.2:DEBUG: got pfkey UPDATE message
> /tmp/rac.log.2:ERROR: pfkey UPDATE failed: No such file or directory
> /tmp/rac.log.2:DEBUG: got pfkey ADD message
>
> I suspect that there is either something wrong with the PF_KEY
> message generated for "pfkey add sent." or the following update
> message. The two versions of racoon are not the same - one is
> the "rewrite" (doesn't work) and one is an older version (works).

Agreed; this looks like the spot.  Use 'setkey -x' to dump the message.
It's possible racoon is not consistently handling the NAT part.

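The reply above points at the GETSPI/UPDATE exchange as the place to look and suggests `setkey -x` to dump the raw PF_KEY messages. Before going to the kernel dump, the racoon DEBUG lines already quoted in the thread can be checked mechanically. The following Python script is an added example, not code from the thread or from racoon: it parses those log lines (re-joined where the mail client wrapped them) and reports two things a practitioner would want to see side by side: each `pfkey GETSPI sent` request paired with its `GETSPI succeeded` reply, flagging when the ports in the request and the reply differ (in the quoted log the request carries `[4500]`, the NAT-T port, while the reply carries `[500]`), and every `pfkey <OP> failed:` error with its errno text. Whether that port difference is the actual cause of the failed UPDATE is an assumption the script does not make; it only surfaces the discrepancy so it can be compared against the `setkey -x` output. The sample log is constructed from the lines quoted in the thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sample input: the racoon DEBUG lines quoted in the thread (the grep file
# prefix is kept; lines that the mail client wrapped are re-joined here).
SAMPLE_LOG = """\
/tmp/rac.log.2:DEBUG: pfkey GETSPI sent: ESP/Tunnel 141.161.4.77[4500]->10.1.3.254[4500]
/tmp/rac.log.2:DEBUG: pfkey getspi sent.
/tmp/rac.log.2:DEBUG: got pfkey GETSPI message
/tmp/rac.log.2:DEBUG: pfkey GETSPI succeeded: ESP/Tunnel 141.161.4.77[500]->10.1.3.254[500] spi=70491361(0x4339ce1)
/tmp/rac.log.2:DEBUG: call pfkey_send_update2
/tmp/rac.log.2:DEBUG: pfkey update sent.
/tmp/rac.log.2:DEBUG: call pfkey_send_add2 (NAT flavor)
/tmp/rac.log.2:DEBUG: call pfkey_send_add2
/tmp/rac.log.2:DEBUG: pfkey add sent.
/tmp/rac.log.2:DEBUG: got pfkey UPDATE message
/tmp/rac.log.2:ERROR: pfkey UPDATE failed: No such file or directory
/tmp/rac.log.2:DEBUG: got pfkey ADD message
"""

# "<optional file prefix>:<LEVEL>: <message>"
LINE_RE = re.compile(r"^(?:[^:]*:)?(?P<level>DEBUG|ERROR): (?P<msg>.*)$")

# "pfkey GETSPI sent|succeeded: <proto>/<mode> <src>[<sport>]-><dst>[<dport>] [spi=<n>(...)]"
GETSPI_RE = re.compile(
    r"pfkey GETSPI (?P<phase>sent|succeeded): (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\[(?P<sport>\d+)\]->(?P<dst>[\d.]+)\[(?P<dport>\d+)\]"
    r"(?: spi=(?P<spi>\d+))?"
)


def parse_log(text: str) -> List[Dict]:
    """Turn each racoon log line into a dict; GETSPI lines get endpoint fields."""
    events: List[Dict] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a racoon DEBUG/ERROR line, ignore
        ev: Dict = {"level": m.group("level"), "msg": m.group("msg")}
        g = GETSPI_RE.search(ev["msg"])
        if g:
            ev.update(g.groupdict())
            ev["sport"] = int(ev["sport"])
            ev["dport"] = int(ev["dport"])
            ev["spi"] = int(ev["spi"]) if ev["spi"] else None
        events.append(ev)
    return events


def getspi_port_mismatches(events: List[Dict]) -> List[Dict]:
    """Pair each 'GETSPI sent' with the next 'GETSPI succeeded' for the same
    address pair and report when the request and reply carry different ports."""
    pending: Dict[Tuple[str, str], Dict] = {}
    mismatches: List[Dict] = []
    for ev in events:
        if ev.get("phase") == "sent":
            pending[(ev["src"], ev["dst"])] = ev
        elif ev.get("phase") == "succeeded":
            req = pending.pop((ev["src"], ev["dst"]), None)
            if req is None:
                continue  # reply without a recorded request; nothing to compare
            requested = (req["sport"], req["dport"])
            returned = (ev["sport"], ev["dport"])
            if requested != returned:
                mismatches.append({
                    "src": ev["src"], "dst": ev["dst"],
                    "requested": requested, "returned": returned,
                    "spi": ev["spi"],
                })
    return mismatches


def failed_operations(events: List[Dict]) -> List[Tuple[str, str]]:
    """Return (operation, reason) for every 'pfkey <OP> failed: <reason>' ERROR line."""
    out: List[Tuple[str, str]] = []
    for ev in events:
        m = re.match(r"pfkey (\w+) failed: (.*)", ev["msg"])
        if ev["level"] == "ERROR" and m:
            out.append((m.group(1), m.group(2)))
    return out


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for mm in getspi_port_mismatches(evs):
        print(f"GETSPI {mm['src']}->{mm['dst']}: requested ports {mm['requested']}, "
              f"kernel replied with {mm['returned']} (spi={mm['spi']})")
    for op, reason in failed_operations(evs):
        print(f"pfkey {op} failed: {reason}")
```

Run against a full racoon log rather than the excerpt, the same two checks will pair every GETSPI exchange by address pair, so a single NAT-related port discrepancy stands out from the exchanges that agree; the pairs it reports are the ones worth matching against the corresponding messages in the `setkey -x` dump.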


