Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

To: current-users%NetBSD.org@localhost, ipsec-tools-devel%lists.sourceforge.net@localhost
Subject: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
From: Timo Teräs <timo.teras%iki.fi@localhost>
Date: Mon, 27 Oct 2008 09:00:22 +0200

S.P.Zeidler wrote:
> before I unpack digging equipment:
> 
> is it old news that racoon and a kernel with NAT-T [1] will result in a
> failure to do IPSEC because the pfkey update about NAT-T fails in phase 2
> and racoon decides to fail the entire connection?

Is this a recent regression? What version you are using? Latest CVS?
Tomas / Yvan did some NAT-T related stuff on 2008-09-03/-09-09. Those
might be related.

> And also that you may get 'racoon: stack overflow detected; terminated'
> when using racoon -F -d and IPv6 at the same time? The latter is
> restricted to the debug mode, just racoon -F doesn't go splat.

I haven't really used racoon with IPv6, but this definitely sounds like
a bug. If you can provide a backtrace that'd be great.

Cheers,
  Timo

References:
- racoon+NAT-T and racoon+debug+IPv6 not so happy?
  - From: S.P.Zeidler

Prev by Date: Re: 2 wished-for Kerberos projects
Next by Date: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Previous by Thread: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Next by Thread: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Indexes:

Home | Main Index | Thread Index | Old Index