Hi list,
I try to setup ipsec with isakmpd -K and ipsecctl on a OpenBSD 4.0 host. I had
it running on
friday, using the following configuration:
ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \
local 24.24.24.24 peer 42.173.16.1 \
main auth hmac-md5 enc aes group grp2 \
quick auth hmac-md5 enc aes group grp2 \
psk MySekret
I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and then I
immediately
get a Bad file descriptor, see below:
122049.815507 UI 30 ui_config: "C set [Phase 1]:42.173.16.1=peer-42.173.16.1
force"
122049.815901 UI 30 ui_config: "C set [peer-42.173.16.1]:Phase=1 force"
122049.815971 UI 30 ui_config: "C set [peer-42.173.16.1]:Address=42.173.16.1
force"
122049.816031 UI 30 ui_config: "C set
[peer-42.173.16.1]:Local-address=212.204.56.174
force"
122049.816141 UI 30 ui_config: "C set
[peer-42.173.16.1]:Authentication=MySekret force"
122049.816202 UI 30 ui_config: "C set
[peer-42.173.16.1]:Configuration=mm-42.173.16.1
force"
122049.816297 UI 30 ui_config: "C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT
force"
122049.816366 UI 30 ui_config: "C add
[mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force"
122049.816467 Default main: select: Bad file descriptor
122050.817017 Default main: select: Bad file descriptor
122051.827071 Default main: select: Bad file descriptor
122052.837085 Default main: select: Bad file descriptor
122053.847123 Default main: select: Bad file descriptor
I have seen this "Bad file descriptor" on friday too, after a reboot of the
machine,
it "dissapeared". Unfortunately I do not know, what the problem was and how it
got fixed by
the reboot. What could cause the "Bad file descriptor" error message? Do I can
fix it, with
raising some sysctl values or raising values in /etc/login.conf? A pointer in
the right
direction would be great. Just rebooting does not work
kind regards
Sebastian
