On Wed, May 30, 2007 at 06:02:22PM +0200, Tore Anderson wrote:
> Another thing I noticed - when using "proposal_check exact" I get the
> following in my logs:
> ERROR: lifebyte mismatched: my:2147483647 peer:4608000
> ERROR: not matched
> ERROR: no suitable policy found.
> ERROR: failed to pre-process packet.
> Do racoon really propose 2G-1 as lifebyte, or is it the proposal
> matching function that's defective? I'd like to not use lifebyte at
> all, but as far as I can see there's no way to specify it in the
> configuration file. I assumed it would be proposed as 0...
Lifebyte is deprecated, and cannot be configured anymore.
I recently had another issue with that (when revalidating conf after a
SIGHUP), which should be fixed by simply ignoring lifebyte.
I guess we should simply discard anything related to lifebyte, but I'm
not sure it won't cause problems with some peers that set up a value
Did your peer really sent a proposal with a lifebyte of 4,5 Mb, or is
this another lifebyte related bug/issue/problem on ipsec-tool's side ?
And was your peer an ipsec-tools's racoon (in which version ?) or
"something else" ?