Sorry to bother everyone, but I had some questions about some racoon error
messages I see, specifically "no PFS is specified, but peer sends KE" and
"Cannot record event: event queue overflow". The first one happens when
phase 2 is being reestablished, after the responder reset. These messages
are on the responder. On the initiator I see messages of "the expire
message is received but the handler has not been established" and "unknown
notify message, no phase2 handle found". The second one happens at multiple
points. We've tried multiple versions of ipsec-tools (0.5.1 and 0.6.5).
The first error is seen on both, but the second one I only see on 0.6.5.
What do these messages mean?
Also, in an earlier thread someone remarked that it was bad to run with
proposal_check to obey. Why is this? In our setup for various reasons we
have to run with obey on.
Thanks for any help you might be able to give me!