From: Claude T. <cla...@ie...> - 2009-03-13 14:20:29
Ok, thanks very much.

Claude

> Ok, looks like kernel sends acquire, racoon initiates,
> initiation fails, but racoon does not send error response
> to acquire. I'm not entirely sure of how kernel works, or
> if it expects to receive the error here, before it falls
> back to sending plaintext.
>
> I think racoon sends the error response when the phase2
> times out internally in racoon, instead of when phase1
> failed permanently. And probably the kernel acquire times
> out before racoon's phase2, so the kernel never gets the
> negative reply for the SA.
>
> I'll try to see if it's easy to patch racoon to send the
> error response back.
>
> - Timo