Subject: Re: IPSEC still fails on BETA2/vax
To: None <current-users@netbsd.org, port-vax@netbsd.org>
From: Olaf Seibert <rhialto@polderland.nl>
List: port-vax
Date: 07/09/2002 00:15:22
On Fri 21 Jun 2002 at 00:05:34 +0200, Olaf Seibert wrote:
> This is from the racoon -d -d log on the VAX side (xzan, 10.0.0.7):
> watch the "Invalid argument" error.
I have been experimenting a bit more - since my failure was that my VAX
set only the key for one direction of traffic but the Alpha did it for
both, I wrote a little script to manually set the missing key on the
VAX, like this:
setkey -c <<EOF
add 10.0.0.5 10.0.0.7
esp 24004415
-m transport
-E 3des-cbc 0x8b8ed9f6134d1ccfceb29146ac6784c153f3193ebfed6ac3
-A hmac-sha1 0xef563618c1a331cfb1409cfb0cb493620fe29415;
dump;
EOF
To my surprise, this did add a key but an incorrect one: all the numeric
values apart from the IP addresses were different.
To verify the principle of my test, I ran the same script on the Alpha
(10.0.0.5) and there it worked OK.
I re-ran the same script with small corrections several times. The 3rd
or 4th time the VAX spontaneously rebooted - no panic, ddb or crash dump.
-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@ -- Woe betide the one who feels
\X/ polderland.nl -- remorse without sin - Tom Poes, "Het boze oog", 4444.