Darren Reed <darrenr%netbsd.org@localhost> writes:

> /tmp/rac.log.2:DEBUG: pfkey GETSPI sent: ESP/Tunnel
> 141.161.4.77[4500]->10.1.3.254[4500]
> /tmp/rac.log.2:DEBUG: pfkey getspi sent.
> /tmp/rac.log.2:DEBUG: got pfkey GETSPI message
> /tmp/rac.log.2:DEBUG: pfkey GETSPI succeeded: ESP/Tunnel
> 141.161.4.77[500]->10.1.3.254[500] spi=70491361(0x4339ce1)
> /tmp/rac.log.2:DEBUG: call pfkey_send_update2
> /tmp/rac.log.2:DEBUG: pfkey update sent.
> /tmp/rac.log.2:DEBUG: call pfkey_send_add2 (NAT flavor)
> /tmp/rac.log.2:DEBUG: call pfkey_send_add2
> /tmp/rac.log.2:DEBUG: pfkey add sent.
> /tmp/rac.log.2:DEBUG: got pfkey UPDATE message
> /tmp/rac.log.2:ERROR: pfkey UPDATE failed: No such file or directory
> /tmp/rac.log.2:DEBUG: got pfkey ADD message
>
> I suspect that there is either something wrong with the PF_KEY
> message generated for "pfkey add sent." or the following update
> message. The two versions of racoon are not the same - one is
> the "rewrite" (doesn't work) and one is an older version (works).

Agreed; this looks like the spot. Use 'setkey -x' to dump the message.
It's possible racoon is not consistently handling the NAT part.
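A small log check for the sequence quoted above, as an added example that is not part of the original message or of racoon: it pairs each `pfkey GETSPI sent` line with its `GETSPI succeeded` line, reports when the logged ports differ, and lists failed PF_KEY operations. The regular expressions assume the log format shown in the quote, and treating a port difference as worth flagging is an assumption, not a diagnosis.

```python
import re

# Sample input: the debug lines quoted in the message above, with the two
# wrapped GETSPI lines joined back onto one line each.
SAMPLE_LOG = """\
/tmp/rac.log.2:DEBUG: pfkey GETSPI sent: ESP/Tunnel 141.161.4.77[4500]->10.1.3.254[4500]
/tmp/rac.log.2:DEBUG: pfkey getspi sent.
/tmp/rac.log.2:DEBUG: got pfkey GETSPI message
/tmp/rac.log.2:DEBUG: pfkey GETSPI succeeded: ESP/Tunnel 141.161.4.77[500]->10.1.3.254[500] spi=70491361(0x4339ce1)
/tmp/rac.log.2:DEBUG: call pfkey_send_update2
/tmp/rac.log.2:DEBUG: pfkey update sent.
/tmp/rac.log.2:DEBUG: call pfkey_send_add2 (NAT flavor)
/tmp/rac.log.2:DEBUG: call pfkey_send_add2
/tmp/rac.log.2:DEBUG: pfkey add sent.
/tmp/rac.log.2:DEBUG: got pfkey UPDATE message
/tmp/rac.log.2:ERROR: pfkey UPDATE failed: No such file or directory
/tmp/rac.log.2:DEBUG: got pfkey ADD message
"""

# Assumed line formats, taken from the quoted log only.
GETSPI = re.compile(
    r"pfkey GETSPI (sent|succeeded): (\S+) "
    r"(\S+?)\[(\d+)\]->(\S+?)\[(\d+)\]")
FAILED = re.compile(r"ERROR: pfkey (\w+) failed: (.*)")


def review(log_text):
    """Return GETSPI port mismatches and failed PF_KEY operations, in log order."""
    findings, sent = [], {}
    for line in log_text.splitlines():
        m = GETSPI.search(line)
        if m:
            state, proto, src, sport, dst, dport = m.groups()
            key, ports = (proto, src, dst), (int(sport), int(dport))
            if state == "sent":
                sent[key] = ports            # remember the ports we asked with
            elif key in sent and sent[key] != ports:
                findings.append(("port-mismatch", key, sent[key], ports))
            continue
        m = FAILED.search(line)
        if m:
            findings.append(("failed", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
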