#24 libipsec failed pfkey align (Invalid extension type)

closed
nobody
5
2009-01-16
2005-09-26
Anonymous
No

Hallo,

I have problem running IPSec tunnel.
Config:
A: debian testing [2.4.27] ipsec-tools/racoon 0.6.1.1
B: debian stabile[3.1] [2.4.27] ipsec-tools/racoon 0.6.1.1

After running few hours, tunnel stops responding.

Debug log host A:
Sep 26 19:32:46 localhost racoon: DEBUG: KEYMAT computed.
Sep 26 19:32:46 localhost racoon: DEBUG: call pk_sendupdate
Sep 26 19:32:46 localhost racoon: DEBUG: encryption(3des)
Sep 26 19:32:46 localhost racoon: DEBUG: hmac(hmac_md5)
Sep 26 19:32:46 localhost racoon: DEBUG: call
pfkey_send_update_nat
Sep 26 19:32:46 localhost racoon: DEBUG: pfkey update sent.
Sep 26 19:32:46 localhost racoon: DEBUG: encryption(3des)
Sep 26 19:32:46 localhost racoon: DEBUG: hmac(hmac_md5)
Sep 26 19:32:46 localhost racoon: DEBUG: call
pfkey_send_add_nat
Sep 26 19:32:46 localhost racoon: DEBUG: pfkey add sent.
Sep 26 19:32:46 localhost racoon: DEBUG: get pfkey
UPDATE message
Sep 26 19:32:46 localhost racoon: DEBUG: pfkey UPDATE
succeeded: ESP/Tunnel
217.172.159.77[16963]->10.8.0.2[4500] spi=195798823(0xbaba
727)
Sep 26 19:32:46 localhost racoon: INFO: IPsec-SA
established: ESP/Tunnel
217.172.159.77[16963]->10.8.0.2[4500]
spi=195798823(0xbaba727
)
Sep 26 19:32:46 localhost racoon: DEBUG: ===
Sep 26 19:32:46 localhost racoon: DEBUG: get pfkey ADD
message
Sep 26 19:32:46 localhost racoon: INFO: IPsec-SA
established: ESP/Tunnel
10.8.0.2[4500]->217.172.159.77[16963]
spi=200723587(0xbf6cc83
)
Sep 26 19:32:46 localhost racoon: DEBUG: ===

ISAKMP-SA expired 10.8.0.2[4500]-217.172.159.77[16963]
spi:0851960bb4256d8a:a4e0b1dd6dbeadbc
Sep 26 19:44:45 localhost racoon: INFO: ISAKMP-SA
deleted 10.8.0.2[4500]-217.172.159.77[16963]
spi:0851960bb4256d8a:a4e0b1dd6dbeadbc
Sep 26 19:44:45 localhost racoon: DEBUG: get pfkey
EXPIRE message
Sep 26 19:44:45 localhost racoon: INFO: IPsec-SA
expired: ESP/Tunnel 217.172.159.77[0]->10.8.0.2[0]
spi=201825893(0xc079e65)
Sep 26 19:44:45 localhost racoon: DEBUG: no such a SA
found: ESP/Tunnel 217.172.159.77[0]->10.8.0.2[0]
spi=201825893(0xc079e65)
Sep 26 19:44:45 localhost racoon: DEBUG: get pfkey
EXPIRE message
Sep 26 19:44:45 localhost racoon: INFO: IPsec-SA
expired: ESP/Tunnel 10.8.0.2[0]->217.172.159.77[0]
spi=176517513(0xa857189)
Sep 26 19:44:45 localhost racoon: DEBUG: no such a SA
found: ESP/Tunnel 10.8.0.2[0]->217.172.159.77[0]
spi=176517513(0xa857189)
Sep 26 19:58:54 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:58:54 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:58:55 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:58:55 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:58:56 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:58:56 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:58:57 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:58:57 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:58:59 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:58:59 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:59:01 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:59:01 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:59:02 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:59:02 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)
Sep 26 19:59:03 localhost racoon: DEBUG: get pfkey
X_NAT_T_NEW_MAPPING message
Sep 26 19:59:03 localhost racoon: ERROR: libipsec
failed pfkey align (Invalid extension type)

Host B:

Sep 26 19:44:00 abcklima_ivanska racoon: DEBUG: ff
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: KA:
11.0.0.2[4500]->217.118.109.59[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG:
sockname 11.0.0.2[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: send
packet from 11.0.0.2[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: send
packet to 217.118.109.59[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: src4
11.0.0.2[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: dst4
217.118.109.59[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: 1 times
of 1 bytes message will be sent to 217.118.1
09.59[4500]
Sep 26 19:44:10 abcklima_ivanska racoon: DEBUG: ff
Sep 26 19:44:14 abcklima_ivanska racoon: INFO:
ISAKMP-SA expired 11.0.0.2[4500]-217.118.109.59[4500]
spi:0851960bb4256d8a:a4e0b1dd6dbeadbc
Sep 26 19:44:15 abcklima_ivanska racoon: INFO:
ISAKMP-SA deleted 11.0.0.2[4500]-217.118.109.59[4500]
spi:0851960bb4256d8a:a4e0b1dd6dbeadbc
Sep 26 19:44:15 abcklima_ivanska racoon: INFO: KA
remove: 11.0.0.2[4500]->217.118.109.59[4500]
Sep 26 19:44:15 abcklima_ivanska racoon: DEBUG: KA tree
dump: 11.0.0.2[4500]->217.118.109.59[4500] (
in_use=1)
Sep 26 19:44:15 abcklima_ivanska racoon: DEBUG: KA
removing this one...
Sep 26 19:44:16 abcklima_ivanska racoon: DEBUG: get
pfkey EXPIRE message
Sep 26 19:44:16 abcklima_ivanska racoon: INFO: IPsec-SA
expired: ESP/Tunnel 217.118.109.59[0]->11.0.
0.2[0] spi=176517513(0xa857189)
Sep 26 19:44:16 abcklima_ivanska racoon: DEBUG: no such
a SA found: ESP/Tunnel 217.118.109.59[0]->11
.0.0.2[0] spi=176517513(0xa857189)
Sep 26 19:44:16 abcklima_ivanska racoon: DEBUG: get
pfkey EXPIRE message
Sep 26 19:44:16 abcklima_ivanska racoon: INFO: IPsec-SA
expired: ESP/Tunnel 11.0.0.2[0]->217.118.109
.59[0] spi=201825893(0xc079e65)
Sep 26 19:44:16 abcklima_ivanska racoon: DEBUG: no such
a SA found: ESP/Tunnel 11.0.0.2[0]->217.118.
109.59[0] spi=201825893(0xc079e65)

Discussion

  • Timo Teras
    Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.

     
  • Timo Teras
    Timo Teras
    2009-01-16

    • status: open --> closed