[Ipsec-tools-devel] unsupported PF_KEY message X_SPDDELETE2 - racoonctl vd does not remote SA's

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Gents,

i just came across a nagging problem:

If the remote side is terminating the connection, racoon is
correctly removing the outbound SA:

INFO: purged IPsec-SA proto_id=ESP spi=2522972722.

Unfortunately in the next step, the inbound SA is not deleted and
the local racoon setup is complaining:

INFO: unsupported PF_KEY message X_SPDDELETE2

Kernel 2.6.26 debian lenny

Have there been some minor changes int he PF_KEY interface?

Second bug:

racoonctl vd 91.8.0.182
black racoon: INFO: Flushing all SAs for peer 91.8.0.182

So all the SA's for peer 91.8.0.182 should be gone, but they are
still there in the output of setkey -D.

If now the remote side is trying to start the connection again i end
up in the following problem:

fatal INVALID-SPI notify messsage, phase1 should be deleted

what to do?

Stefan

-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------