Subject: Re: isakmpd on ipv6
To: Wolfgang Rupprecht <wolfgang+gnus20020202T144335@wsrcc.com>
From: Hakan Olsson <ho@crt.se>
List: tech-net
Date: 02/03/2002 11:13:47
I think there have been some small fixes to the code that may not have made
their way into pkgsrc yet. Could you try to get a -current version from the
OpenBSD CVS repository? Just look at the patches added to the code in the
pkgsrc tree and apply the relevant ones afterwards.

Also, I have never tested isakmpd/ipv6 on NetBSD, but presumably any
additional problems should be easy to find and fix. If you want, I'll try
to help you to debug this.

Run with 'isakmpd -d -L -DA=90' to add both debug output, and to capture
the IKE packets unencrypted in pcap format. Mail me the debug output (if
you want, search for and remove the pre-shared key from the output first),
and the generated /var/run/isakmpd.pcap file.
The latter file can be viewed by something like 'tcpdump -nvs1400 -r
/var/run/isakmpd.pcap', although I don't know if the tcpdump in NetBSD
will decode the IKE phase 2 info...

//Håkan

On 2 Feb 2002, Wolfgang Rupprecht wrote:

>
> Is anyone using isakmpd (from pkgsrc) with ipv6?  I've got what is
> essentially the "3way" example running over ipv4, but when I try to
> flesh it out to do the same thing over ipv6 also I get a ton of
> errors and not even the v4 part of the config works any longer.
>
> The config files are here:
>
>         http://www.wsrcc.com/wolfgang/ftp/isakmpd-conf.tar.gz
>
> This is the sort of errors I see:
>
>     Feb  1 22:37:14 capsicum isakmpd[873]: pf_key_v2_flow: SPDADD: Invalid argument
>     Feb  1 22:37:17 capsicum isakmpd[873]: util_ntoa: could not make printable address out of sockaddr 0xbfbfcbbc
>     Feb  1 22:37:17 capsicum isakmpd[873]: util_ntoa: could not make printable address out of sockaddr 0xbfbfd014
>     Feb  1 22:37:17 capsicum isakmpd[873]: util_ntoa: could not make printable address out of sockaddr 0xbfbfd014
>     Feb  1 22:37:27 capsicum isakmpd[873]: util_ntoa: could not make printable address out of sockaddr 0xbfbec9fc
>     Feb  1 22:37:27 capsicum isakmpd[873]: pf_key_v2_flow: SPDADD: Invalid argument
>     Feb  1 22:37:34 capsicum isakmpd[873]: transport_send_messages: giving up on message 0x8162300
>     Feb  1 22:37:34 capsicum isakmpd[873]: transport_send_messages: giving up on message 0x8143400
>     Feb  1 22:37:37 capsicum isakmpd[873]: pf_key_v2_flow: SPDDELETE: Invalid argument
>     Feb  1 22:37:37 capsicum isakmpd[873]: pf_key_v2_flow: SPDDELETE: Invalid argument
>     Feb  1 22:37:37 capsicum isakmpd[873]: util_ntoa: could not make printable address out of sockaddr 0xbfbfcbbc
>     Feb  1 22:37:45 capsicum isakmpd[873]: isakmpd: shutting down...
>     Feb  1 22:37:45 capsicum isakmpd[873]: pf_key_v2_flow: SPDDELETE: Invalid argument
>
> -wolfgang
> --
>        Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
>                     http://www.wsrcc.com/wolfgang/
> Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/
>
>

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB
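
The redaction step mentioned in the reply above (removing the pre-shared key from the debug output before mailing it), as an added example that is not part of the original message or of isakmpd. The function names, the `[REDACTED-PSK]` marker and the key-file argument are hypothetical; it assumes the key appears verbatim or as contiguous lowercase hex.

```sh
#!/bin/sh
# Added example: scrub a pre-shared key out of isakmpd debug output before
# sharing it. Assumption: the key shows up verbatim or as contiguous lowercase
# hex; other encodings (spaced hex dumps, base64) still need a manual check.

# Run awk with the key (and its hex form) in the awk child's environment only,
# so the secret stays off the command line; ENVIRON also avoids the backslash
# escape processing that awk -v would apply to the key.
psk_awk() {  # usage: psk_awk KEYFILE 'awk program' [FILE]
    keyfile=$1; prog=$2; shift 2
    key=$(cat "$keyfile") || return 2
    [ -n "$key" ] || { echo "psk: empty key file" >&2; return 2; }
    hex=$(printf '%s' "$key" | od -An -tx1 | tr -d ' \t\n')
    KEY=$key HEX=$hex awk "$prog" "$@"
}

# usage: redact_psk KEYFILE < debug.log > debug.redacted.log
redact_psk() {
    psk_awk "$1" '
        # Literal substring replacement: index() does no regex matching, so
        # characters such as "." or "*" in the key are not treated as patterns.
        function scrub(s, needle,    out, i) {
            out = ""
            while ((i = index(s, needle)) > 0) {
                out = out substr(s, 1, i - 1) "[REDACTED-PSK]"
                s = substr(s, i + length(needle))
            }
            return out s
        }
        { print scrub(scrub($0, ENVIRON["KEY"]), ENVIRON["HEX"]) }'
}

# usage: psk_leaks KEYFILE FILE
# Prints how many lines of FILE still contain the key (verbatim or hex).
# Run it on the redacted copy and send the file only if it prints 0.
psk_leaks() {
    psk_awk "$1" '
        index($0, ENVIRON["KEY"]) || index($0, ENVIRON["HEX"]) { n++ }
        END { print n + 0 }' "$2"
}
```

The /var/run/isakmpd.pcap capture is binary and holds the IKE packets unencrypted, so this text filter does not cover it.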