isakmpd uncertainties
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: isakmpd uncertainties
- From: "Russell P. Sutherland" <russ_(_at_)_quist_(_dot_)_ca>
- Date: Fri, 3 Aug 2001 10:36:55 -0401
- Organization: Quist Consulting
I have a central VPN machine (bram) running 2.8:
bram# uname -a
OpenBSD bram 2.8 GENERIC#399 i386
It connects with two VPN (node) machines (miss and wind):
wind# uname -a
OpenBSD wind 2.8 GENERIC#399 i386
miss# uname -a
OpenBSD miss 2.9 GENERIC#653 i386
The IPSec tunnels are configured using isakmpd and appear to be working:
miss# netstat -rn -f encap
Routing tables
Encap:
Source Port Destination Port Proto SA(Address/Proto/Type/Direction)
192.168.1/24 0 192.168.2/24 0 0 66.46.10.42/50/require/in
192.168.1/24 0 192.168.4/24 0 0 66.46.10.42/50/require/in
192.168.2/24 0 192.168.1/24 0 0 66.46.10.42/50/require/out
192.168.4/24 0 192.168.1/24 0 0 66.46.10.42/50/require/out
wind# netstat -rn -f encap
Routing tables
Encap:
Source Port Destination Port Proto SA(Address/Proto/Type/Direction)
66.46.10.42/32 0 192.168.2/24 0 0 66.46.10.42/50/require/in
66.46.10.42/32 0 192.168.4/24 0 0 66.46.10.42/50/require/in
66.46.10.42/32 0 216.8.128.53/32 0 0 66.46.10.42/50/require/in
192.168.1/24 0 192.168.2/24 0 0 66.46.10.42/50/require/in
192.168.1/24 0 192.168.4/24 0 0 66.46.10.42/50/require/in
192.168.4/24 0 192.168.1/24 0 0 66.46.10.42/50/require/out
bram# netstat -rn -f encap
Routing tables
Encap:
Source Port Destination Port Proto SA(Address/Proto/Type/Direction)
24.156.54.210/32 0 66.46.10.42/32 0 0 24.156.54.210/50/require/in
24.156.54.210/32 0 192.168.1/24 0 0 24.156.54.210/50/require/in
192.168.2/24 0 192.168.1/24 0 0 24.156.54.210/50/require/in
192.168.4/24 0 192.168.1/24 0 0 216.8.128.53/50/require/in
216.8.128.53/32 0 66.46.10.42/32 0 0 216.8.128.53/50/require/in
216.8.128.53/32 0 192.168.1/24 0 0 216.8.128.53/50/require/in
192.168.1/24 0 192.168.2/24 0 0 24.156.54.210/50/require/out
192.168.1/24 0 192.168.4/24 0 0 216.8.128.53/50/require/out
I note that the routing tables for the two nodes are not symmetric.
Furthermore, I get regular syslog errors on wind:
Aug 3 08:32:48 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118400, 7) failed: Invalid argument
Aug 3 08:37:32 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118600, 7) failed: Invalid argument
Aug 3 08:55:32 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118780, 7) failed: Invalid argument
Aug 3 09:09:10 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118680, 7) failed: Invalid argument
Aug 3 09:13:32 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118480, 7) failed: Invalid argument
Aug 3 09:31:32 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118600, 7) failed: Invalid argument
Aug 3 09:48:42 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118640, 7) failed: Invalid argument
Aug 3 10:00:40 wind syslogd: restart
Aug 3 10:06:24 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118680, 7) failed: Invalid argument
Aug 3 10:24:19 wind isakmpd: pf_key_v2_write: writev (3, 0x0x118600, 7) failed: Invalid argument
Does anyone know why I am getting these errors and why the wind machine has the extra encap routes?
--
Quist Consulting Email: russ_(_at_)_quist_(_dot_)_ca
219 Donlea Drive Voice: +1.416.696.7600
Toronto ON M4G 2N1 Cell: +1.416.803.0080
CANADA WWW: http://www.quist.ca
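
An added example, not part of the original post: one way to make the asymmetry noted above concrete is to parse each node's `netstat -rn -f encap` output and list the flows that have no row in the opposite direction. The names `Flow`, `parse_encap` and `unpaired` are hypothetical, and "symmetric" is assumed here to mean that every row has a mirror row with source and destination swapped, the same SA address and the opposite direction; the two tables are copied from the post, with the stray text after wind's last row dropped.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str        # source network
    dst: str        # destination network
    peer: str       # SA address (tunnel endpoint)
    direction: str  # "in" or "out"

def parse_encap(text):
    """Parse the Encap rows of `netstat -rn -f encap` as laid out in the post."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or "/" not in f[0]:
            continue                      # prompt, header or blank line
        sa = f[5].split("/")              # Address/Proto/Type/Direction
        if len(sa) != 4 or sa[3] not in ("in", "out"):
            continue                      # not a well-formed SA column
        flows.append(Flow(f[0], f[2], sa[0], sa[3]))
    return flows

def unpaired(flows):
    """Flows with no mirror row (assumed meaning of 'not symmetric')."""
    seen = set(flows)
    def mirror(f):
        return Flow(f.dst, f.src, f.peer, "out" if f.direction == "in" else "in")
    return [f for f in flows if mirror(f) not in seen]

# Tables as posted for miss and wind (headers omitted).
MISS = """\
192.168.1/24 0 192.168.2/24 0 0 66.46.10.42/50/require/in
192.168.1/24 0 192.168.4/24 0 0 66.46.10.42/50/require/in
192.168.2/24 0 192.168.1/24 0 0 66.46.10.42/50/require/out
192.168.4/24 0 192.168.1/24 0 0 66.46.10.42/50/require/out
"""
WIND = """\
66.46.10.42/32 0 192.168.2/24 0 0 66.46.10.42/50/require/in
66.46.10.42/32 0 192.168.4/24 0 0 66.46.10.42/50/require/in
66.46.10.42/32 0 216.8.128.53/32 0 0 66.46.10.42/50/require/in
192.168.1/24 0 192.168.2/24 0 0 66.46.10.42/50/require/in
192.168.1/24 0 192.168.4/24 0 0 66.46.10.42/50/require/in
192.168.4/24 0 192.168.1/24 0 0 66.46.10.42/50/require/out
"""

if __name__ == "__main__":
    for host, table in (("miss", MISS), ("wind", WIND)):
        for f in unpaired(parse_encap(table)):
            print(f"{host}: {f.src} -> {f.dst} ({f.direction}, peer {f.peer}) has no mirror row")
```

On the posted data this reports nothing for miss and four inbound flows on wind that lack an outbound counterpart.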