Subject: Re: IPSEC still fails on BETA2/vax
To: None <current-users@netbsd.org, port-vax@netbsd.org>
From: Olaf Seibert <rhialto@polderland.nl>
List: current-users
Date: 07/09/2002 00:15:22
On Fri 21 Jun 2002 at 00:05:34 +0200, Olaf Seibert wrote:
> This is from the racoon -d -d log on the VAX side (xzan, 10.0.0.7):
> watch the "Invalid argument" error.

I have been experimenting a bit more - since my failure was that my VAX
set only the key for one direction of traffic but the Alpha did it for
both, I wrote a little script to manually set the missing key on the
VAX, like this:

setkey -c <<EOF
add 10.0.0.5 10.0.0.7
        esp 24004415
        -m transport
        -E 3des-cbc 0x8b8ed9f6134d1ccfceb29146ac6784c153f3193ebfed6ac3
        -A hmac-sha1  0xef563618c1a331cfb1409cfb0cb493620fe29415;
dump;
EOF

To my surprise, this did add a key but an incorrect one: all the numeric
values apart from the IP addresses were different.

To verify the principle of my test, I ran the same script on the Alpha
(10.0.0.5) and there it worked OK.

I re-ran the same script with small corrections several times. The 3rd
or 4th time the VAX spontaneously rebooted - no panic, ddb or crash dump.

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert - rhialto@       -- Woe betide the one who feels
\X/ polderland.nl  -- remorse without sin - Tom Poes, "Het boze oog", 4444.