Hi,

> > 
> > ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \
> >         local 24.24.24.24 peer 42.173.16.1 \
> >         main auth hmac-md5 enc aes group grp2 \
> >         quick auth hmac-md5 enc aes group grp2 \
> >         psk MySekret
> I opened a bug when the symmetric encryption is set to AES. I found the
> same behavior as yours. I didn't take the time to investigate but
> changing the encryption to 3des resolved the issue.

Changing to 3des instead of using aes does not help anything. I tried this
on the master of a carped firewall. Copying ipsec.conf to the slave, and
starting isakmpd there and then issuing ipsecctl -f /etc/ipsec.conf works
just fine, and it does not matter whether I try to use aes or 3des, it
starts up just fine on the slave. But unfortunately the trick with
rebooting, as mentioned below, doesn't help anymore to get it working on
the master host.

kind regards
Sebastian
> > 
> > I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf,
> > and then I immediately get a Bad file descriptor, see below:
> > 
> > 122049.815507 UI   30 ui_config: "C set [Phase 1]:42.173.16.1=peer-42.173.16.1 force"
> > 122049.815901 UI   30 ui_config: "C set [peer-42.173.16.1]:Phase=1 force"
> > 122049.815971 UI   30 ui_config: "C set [peer-42.173.16.1]:Address=42.173.16.1 force"
> > 122049.816031 UI   30 ui_config: "C set [peer-42.173.16.1]:Local-address=212.204.56.174 force"
> > 122049.816141 UI   30 ui_config: "C set [peer-42.173.16.1]:Authentication=MySekret force"
> > 122049.816202 UI   30 ui_config: "C set [peer-42.173.16.1]:Configuration=mm-42.173.16.1 force"
> > 122049.816297 UI   30 ui_config: "C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT force"
> > 122049.816366 UI   30 ui_config: "C add [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force"
> > 122049.816467 Default main: select: Bad file descriptor
> > 122050.817017 Default main: select: Bad file descriptor
> > 122051.827071 Default main: select: Bad file descriptor
> > 122052.837085 Default main: select: Bad file descriptor
> > 122053.847123 Default main: select: Bad file descriptor
> > 
> > I have seen this "Bad file descriptor" on Friday too; after a reboot of
> > the machine, it "disappeared". Unfortunately I do not know what the
> > problem was and how it got fixed by the reboot. What could cause the
> > "Bad file descriptor" error message? Can I fix it by raising some
> > sysctl values or raising values in /etc/login.conf? A pointer in the
> > right direction would be great. Just rebooting does not work
> > 
> > 
> > kind regards
> > Sebastian
