ISAKMPD problem 3.7 <--> 3.8

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

ISAKMPD problem 3.7 <--> 3.8

robdenz@libero.it
Hello!

   I have a problem with ISAKMPD on a new machine running 3.8-RELEASE.

   The machines on the other sides of the tunnels are running
3.6-RELEASE and 3.7-RELEASE; they talk to each other just fine.

   But the machine with 3.8 cannot talk to any of the other two
boxes.

   Reading in the lists, I saw messages dating a few days ago
suggesting to run isakmpd with the -T option. Unfortunately, it
doesn't seem to work for me. Already cheched and re-wrote the
config files, just in case.

   I keep getting messages such as
Default pf_key_v2_get_spi: GETSPI: Operation not supported
Default initiator_send_HASH_SA_NONCE: doi->get_spi failed

   Is the -T option supposed to work for 3.6 and 3.7 (both RELEASE)
or is it only going to work with a 3.7-STABLE?

   I can upgrade the 3.7 machine, but not the 3.6. Anything else
I can try or shall I just ditch the 3.8 and reinstall 3.7 on my
new machine as well?

Many thanks in advance!

--Rob

Reply | Threaded
Open this post in threaded view
|

Re: ISAKMPD problem 3.7 <--> 3.8

Hans-Joerg Hoexer
make sure to apply all patches for 3.7, see errata37.html.  I've added fix a
few days ago.  Moreover, I need the full out put of -DA=80 to see what's
actually going on.

HJ.

On Tue, Nov 29, 2005 at 01:20:25PM +0100, [hidden email] wrote:

> Hello!
>
>    I have a problem with ISAKMPD on a new machine running 3.8-RELEASE.
>
>    The machines on the other sides of the tunnels are running
> 3.6-RELEASE and 3.7-RELEASE; they talk to each other just fine.
>
>    But the machine with 3.8 cannot talk to any of the other two
> boxes.
>
>    Reading in the lists, I saw messages dating a few days ago
> suggesting to run isakmpd with the -T option. Unfortunately, it
> doesn't seem to work for me. Already cheched and re-wrote the
> config files, just in case.
>
>    I keep getting messages such as
> Default pf_key_v2_get_spi: GETSPI: Operation not supported
> Default initiator_send_HASH_SA_NONCE: doi->get_spi failed
>
>    Is the -T option supposed to work for 3.6 and 3.7 (both RELEASE)
> or is it only going to work with a 3.7-STABLE?
>
>    I can upgrade the 3.7 machine, but not the 3.6. Anything else
> I can try or shall I just ditch the 3.8 and reinstall 3.7 on my
> new machine as well?
>
> Many thanks in advance!
>
> --Rob

Reply | Threaded
Open this post in threaded view
|

Re: ISAKMPD problem 3.7 <--> 3.8

Håkan Olsson
In reply to this post by robdenz@libero.it
On 29 nov 2005, at 13.20, robdenz@@libero..it wrote:
>
>    I keep getting messages such as
> Default pf_key_v2_get_spi: GETSPI: Operation not supported
> Default initiator_send_HASH_SA_NONCE: doi->get_spi failed

Make sure you did not accidentally disable ESP (and AH) in /etc/
sysctl.conf.

/H