From: Stefan B. <ste...@cu...> - 2010-04-10 17:32:34
|
Hi Gents, i just came across a nagging problem: If the remote side is terminating the connection, racoon is correctly removing the outbound SA: INFO: purged IPsec-SA proto_id=ESP spi=2522972722. Unfortunately in the next step, the inbound SA is not deleted and the local racoon setup is complaining: INFO: unsupported PF_KEY message X_SPDDELETE2 Kernel 2.6.26 debian lenny Have there been some minor changes int he PF_KEY interface? Second bug: racoonctl vd 91.8.0.182 black racoon: INFO: Flushing all SAs for peer 91.8.0.182 So all the SA's for peer 91.8.0.182 should be gone, but they are still there in the output of setkey -D. If now the remote side is trying to start the connection again i end up in the following problem: fatal INVALID-SPI notify messsage, phase1 should be deleted what to do? Stefan -- Stefan Bauer ----------------------------------------- PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34 -------- plzk.de - Linux - because it works ---------- |