From: KOVACS K. <hi...@ba...> - 2006-03-29 13:56:30

Hi,

On Wednesday 29 March 2006 14.47, jamal wrote:
> On Wed, 2006-29-03 at 13:12 +0100, Brian Candler wrote:
> > Thank you - that at least lets me see the 250 sets of policies
> > installed.
> >
> > However there still seem to be problems with racoon communicating with
> > the kernel. By retrying some tunnels I was able to get up to 178, but
> > after this I start getting these errors:
> >
> > Mar 29 12:43:13 candlerb racoon: ERROR: no policy found: id:811033.
> > Mar 29 12:43:13 candlerb racoon: ERROR: no policy found: id:811057.
> >
> > (that's when trying to start tunnels 179 and 180)
>
> The way i read that is it is caused by acquires coming from the kernel
> with those two policy ids and racoon being unable to find the policies.
> It is as if the kernel has these policies but not racoon which would be
> strange if racoon installed them to begin with.

IMHO this is probably a byproduct of the pfkey problems. Racoon adds the
policy to its database only if it receives a pfkey SPDUPDATE, SPDADD or
SPDDUMP message. So if some pfkey messages get lost then racoon's database
won't be updated, and so the SPD database of the kernel and that of racoon
will be different.

--
Regards,
Krisztian Kovacs
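
A check for the divergence described in the message above, added here as an example and not code from the thread or from ipsec-tools: it cross-references the policy ids in racoon's "no policy found" errors against the spid values in a kernel SPD dump. The dump layout is assumed to follow `setkey -DP` output, and the sample data is constructed apart from the two log lines quoted in the message.

```python
import re
from collections import Counter

# Constructed sample input. The first two log lines are the ones quoted in the
# message; the third id is made up so that both outcomes are shown.
RACOON_LOG = """\
Mar 29 12:43:13 candlerb racoon: ERROR: no policy found: id:811033.
Mar 29 12:43:13 candlerb racoon: ERROR: no policy found: id:811057.
Mar 29 12:43:15 candlerb racoon: ERROR: no policy found: id:900001.
"""

# Constructed kernel SPD dump; layout assumed to match `setkey -DP`.
KERNEL_SPD = """\
10.0.179.0/24[any] 10.1.179.0/24[any] any
\tout ipsec
\tesp/tunnel/192.0.2.1-192.0.2.179/require
\tspid=811033 seq=2 pid=4242
10.0.180.0/24[any] 10.1.180.0/24[any] any
\tout ipsec
\tesp/tunnel/192.0.2.1-192.0.2.180/require
\tspid=811057 seq=1 pid=4242
"""

NO_POLICY = re.compile(r"racoon: ERROR: no policy found: id:(\d+)")
SPID = re.compile(r"\bspid=(\d+)")

def racoon_missing_ids(log_text):
    """Count each policy id racoon reported as 'no policy found'."""
    return Counter(int(m.group(1)) for m in NO_POLICY.finditer(log_text))

def kernel_spids(dump_text):
    """Collect the policy ids present in the kernel SPD dump."""
    return {int(m.group(1)) for m in SPID.finditer(dump_text)}

def classify(log_text, dump_text):
    """Split racoon's missing ids by whether the kernel still holds them."""
    in_kernel = kernel_spids(dump_text)
    result = {"kernel_only": [], "absent_everywhere": []}
    for spid in sorted(racoon_missing_ids(log_text)):
        key = "kernel_only" if spid in in_kernel else "absent_everywhere"
        result[key].append(spid)
    return result

if __name__ == "__main__":
    for kind, ids in classify(RACOON_LOG, KERNEL_SPD).items():
        print(f"{kind}: {ids}")
```

Ids listed under `kernel_only` match the situation the message describes: the kernel holds the policy, but racoon never recorded it.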