isakmpd Default main: select: Bad file descriptor

2007-03-12 Thread Sebastian Reitenbach
Hi list,

I am trying to set up ipsec with isakmpd -K and ipsecctl on an OpenBSD 4.0 host. I had it running on Friday, using the following configuration:

ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \
local 24.24.24.24 peer 42.173.16.1 \
main auth hmac-md5 enc aes group grp2 \
quick auth hmac-md5 enc aes group grp2 \
psk MySekret

I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and then I immediately get a Bad file descriptor, see below:

122049.815507 UI   30 ui_config: "C set [Phase 1]:42.173.16.1=peer-42.173.16.1 force"
122049.815901 UI   30 ui_config: "C set [peer-42.173.16.1]:Phase=1 force"
122049.815971 UI   30 ui_config: "C set [peer-42.173.16.1]:Address=42.173.16.1 force"
122049.816031 UI   30 ui_config: "C set [peer-42.173.16.1]:Local-address=212.204.56.174 force"
122049.816141 UI   30 ui_config: "C set [peer-42.173.16.1]:Authentication=MySekret force"
122049.816202 UI   30 ui_config: "C set [peer-42.173.16.1]:Configuration=mm-42.173.16.1 force"
122049.816297 UI   30 ui_config: "C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT force"
122049.816366 UI   30 ui_config: "C add [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force"
122049.816467 Default main: select: Bad file descriptor
122050.817017 Default main: select: Bad file descriptor
122051.827071 Default main: select: Bad file descriptor
122052.837085 Default main: select: Bad file descriptor
122053.847123 Default main: select: Bad file descriptor

I have seen this "Bad file descriptor" on Friday too; after a reboot of the machine, it "disappeared". Unfortunately I do not know what the problem was and how it got fixed by the reboot. What could cause the "Bad file descriptor" error message? Can I fix it by raising some sysctl values or raising values in /etc/login.conf? A pointer in the right direction would be great. Just rebooting does not work


kind regards
Sebastian



Re: isakmpd Default main: select: Bad file descriptor

2007-03-12 Thread Claer
On Mon, Mar 12 2007 at 44:12, Sebastian Reitenbach wrote:
> Hi list,
Hi,

> I am trying to set up ipsec with isakmpd -K and ipsecctl on an OpenBSD 4.0 host. I had it running on Friday, using the following configuration:
> 
> ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \
> local 24.24.24.24 peer 42.173.16.1 \
> main auth hmac-md5 enc aes group grp2 \
> quick auth hmac-md5 enc aes group grp2 \
> psk MySekret
I opened a bug when the symmetric encryption is set to AES. I found the
same behavior as yours. I didn't take the time to investigate but
changing the encryption to 3des resolved the issue.

There is certainly an error in the ipsecctl generated output for
isakmpd. 

regards,

Claer





Re: isakmpd Default main: select: Bad file descriptor

2007-03-12 Thread Sebastian Reitenbach
Hi,

> > 
> > ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \
> > local 24.24.24.24 peer 42.173.16.1 \
> > main auth hmac-md5 enc aes group grp2 \
> > quick auth hmac-md5 enc aes group grp2 \
> > psk MySekret
> I opened a bug when the symmetric encryption is set to AES. I found the
> same behavior as yours. I didn't take the time to investigate but
> changing the encryption to 3des resolved the issue.

Changing to 3des instead of using aes does not help anything. I tried this on the master of a carped firewall. Copying ipsec.conf to the slave, and starting isakmpd there and then issuing ipsecctl -f /etc/ipsec.conf works just fine, and it does not matter whether I try to use aes or 3des, it starts up just fine on the slave. But unfortunately the trick with rebooting, as mentioned below, doesn't help anymore to get it working on the master host.

kind regards
Sebastian