tech-net archive


Re: pfkey UPDATE and ADD failed with IPsec



In article <47cda1d0acf.ef5aa78%mail.owl.de@localhost>,
Frank Wille  <frank%phoenix.owl.de@localhost> wrote:
>
>Hi,
>
>after I found out that an "rsasig" Roadwarrior client with IKE mode config
>does not work with Racoon, I wanted to try something proven, which many
>people successfully configured: "hybrid_rsa_client" (configuration
>attached).
>
>I initiate the connection and enter my password:
># racoonctl vc -u frank 77.182.71.224
>
>Phase 1 is established, racoonctl returned, the MOTD is displayed and even
>mode config worked fine, assigning me an IP address and a gateway. The
>phase1-up script entered the correct SPD policies (192.168.0.90 is the
>first address from my "mode-configured" VPN pool):
>
># setkey -DP
>0.0.0.0/0[any] 192.168.0.90[any] reserved
>    in ipsec
>    esp/tunnel/77.182.71.224-192.168.1.5/require
>    spid=8 seq=1 pid=2094
>    refcnt=1
>192.168.0.90[any] 0.0.0.0/0[any] reserved
>    out ipsec
>    esp/tunnel/192.168.1.5-77.182.71.224/require
>    spid=7 seq=0 pid=2094
>    refcnt=1
>
>
>There are no SAD entries yet, and phase 2 was not attempted. But I guess
>this is normal. Phase 2 is established when accessing an address from my
>VPN network, e.g. by typing "ping 192.168.0.100".
>
>But it looks like Racoon cannot update the SA database? The following
>happens:
>
>/netbsd: key_set_natt_ports: type 2, sport = 4500, dport = 4500
>/netbsd: key_update: no SA index found.

This is the bug I just fixed. You will not see the 'no SA index' message
anymore.

christos
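A small consistency check over the `setkey -DP` dump Frank quoted, added here as an example that is not part of the thread: it parses the SPD entries and confirms that the inbound and outbound tunnel policies are mirror images of each other (selectors and outer tunnel endpoints swapped), which is what a phase1-up script is expected to install before phase 2 is ever attempted. The sample dump is the one from the mail; the record layout, regexes and function names are this example's own assumptions about the dump format shown there, not setkey's or racoon's code.

```python
import re
from dataclasses import dataclass

# Constructed sample: the `setkey -DP` output quoted in the mail above.
SPD_DUMP = """0.0.0.0/0[any] 192.168.0.90[any] reserved
    in ipsec
    esp/tunnel/77.182.71.224-192.168.1.5/require
    spid=8 seq=1 pid=2094
    refcnt=1
192.168.0.90[any] 0.0.0.0/0[any] reserved
    out ipsec
    esp/tunnel/192.168.1.5-77.182.71.224/require
    spid=7 seq=0 pid=2094
    refcnt=1
"""

@dataclass
class Policy:               # one SPD entry; field names are this example's own
    src: str                # selector source address/prefix
    dst: str                # selector destination address/prefix
    direction: str = ""     # in / out / fwd
    mode: str = ""          # tunnel / transport
    tun_src: str = ""       # outer tunnel source (tunnel mode only)
    tun_dst: str = ""       # outer tunnel destination (tunnel mode only)
    level: str = ""         # require / use / default
    spid: int = -1
HEADER = re.compile(r"^(\S+)\[\S+\] (\S+)\[\S+\] \S+$")
DIRECTION = re.compile(r"^\s+(in|out|fwd) \w+$")
REQUEST = re.compile(r"^\s+(?:esp|ah|ipcomp)/(tunnel|transport)/(?:([^-/]+)-([^/]+))?/(\w+)$")
SPID = re.compile(r"^\s+spid=(\d+)")
def parse_spd(text):
    """Parse the dump layout shown above (an assumption about setkey's format) into Policy records."""
    policies = []
    for line in text.splitlines():
        if m := HEADER.match(line):             # unindented selector line starts a new entry
            policies.append(Policy(m.group(1), m.group(2)))
        elif policies and (m := DIRECTION.match(line)):
            policies[-1].direction = m.group(1)
        elif policies and (m := REQUEST.match(line)):
            policies[-1].mode, policies[-1].tun_src, policies[-1].tun_dst, policies[-1].level = m.groups()
        elif policies and (m := SPID.match(line)):
            policies[-1].spid = int(m.group(1))
    return policies

def unmatched_tunnel_policies(policies):
    """spids of tunnel policies lacking a mirror image: opposite direction, selectors and endpoints swapped."""
    present = {(p.direction, p.src, p.dst, p.tun_src, p.tun_dst) for p in policies if p.mode == "tunnel"}
    mirror = lambda p: ("out" if p.direction == "in" else "in", p.dst, p.src, p.tun_dst, p.tun_src)
    return [p.spid for p in policies if p.mode == "tunnel" and mirror(p) not in present]
```

An empty result from `unmatched_tunnel_policies` means the SPD side is consistent, so a later `key_update` failure points at the SAD handling rather than at the policies the script installed.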


