Re: isakmpd Default main: select: Bad file descriptor
Hi, ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \ local 24.24.24.24 peer 42.173.16.1 \ main auth hmac-md5 enc aes group grp2 \ quick auth hmac-md5 enc aes group grp2 \ psk MySekret I opened a bug when the symetric encryptin is set to AES. I found the same behavior as yours. I didn't took the time to investigate but changing the encryption to 3des resolved the issue. changing to 3des instead of using aes does not help anything. I tried this on the master of a carped firewall. copying ipsec.conf to the slave, and starting isakmpd there and then issuing ipsecctl -f /etc/ipsec.conf works just fine, and it does not matter whether I try to use aes or 3des, it starts up just fine on the slave. But unfortunately the trick with rebooting, as mentioned below, doesn't help anymore to get it working on the master host. kind regards Sebastian I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and then I immediately get a Bad file descriptor, see below: 122049.815507 UI 30 ui_config: C set [Phase 1]:42.173.16.1=peer-42.173.16.1 force 122049.815901 UI 30 ui_config: C set [peer-42.173.16.1]:Phase=1 force 122049.815971 UI 30 ui_config: C set [peer-42.173.16.1]:Address=42.173.16.1 force 122049.816031 UI 30 ui_config: C set [peer-42.173.16.1]:Local-address=212.204.56.174 force 122049.816141 UI 30 ui_config: C set [peer-42.173.16.1]:Authentication=MySekret force 122049.816202 UI 30 ui_config: C set [peer-42.173.16.1]:Configuration=mm-42.173.16.1 force 122049.816297 UI 30 ui_config: C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT force 122049.816366 UI 30 ui_config: C add [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force 122049.816467 Default main: select: Bad file descriptor 122050.817017 Default main: select: Bad file descriptor 122051.827071 Default main: select: Bad file descriptor 122052.837085 Default main: select: Bad file descriptor 122053.847123 Default main: select: Bad file descriptor I have seen this Bad file descriptor on friday too, after a reboot of the machine, it dissapeared. Unfortunately I do not know, what the problem was and how it got fixed by the reboot. What could cause the Bad file descriptor error message? Do I can fix it, with raising some sysctl values or raising values in /etc/login.conf? A pointer in the right direction would be great. Just rebooting does not work kind regards Sebastian
isakmpd Default main: select: Bad file descriptor
Hi list, I try to setup ipsec with isakmpd -K and ipsecctl on a OpenBSD 4.0 host. I had it running on friday, using the following configuration: ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \ local 24.24.24.24 peer 42.173.16.1 \ main auth hmac-md5 enc aes group grp2 \ quick auth hmac-md5 enc aes group grp2 \ psk MySekret I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and then I immediately get a Bad file descriptor, see below: 122049.815507 UI 30 ui_config: C set [Phase 1]:42.173.16.1=peer-42.173.16.1 force 122049.815901 UI 30 ui_config: C set [peer-42.173.16.1]:Phase=1 force 122049.815971 UI 30 ui_config: C set [peer-42.173.16.1]:Address=42.173.16.1 force 122049.816031 UI 30 ui_config: C set [peer-42.173.16.1]:Local-address=212.204.56.174 force 122049.816141 UI 30 ui_config: C set [peer-42.173.16.1]:Authentication=MySekret force 122049.816202 UI 30 ui_config: C set [peer-42.173.16.1]:Configuration=mm-42.173.16.1 force 122049.816297 UI 30 ui_config: C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT force 122049.816366 UI 30 ui_config: C add [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force 122049.816467 Default main: select: Bad file descriptor 122050.817017 Default main: select: Bad file descriptor 122051.827071 Default main: select: Bad file descriptor 122052.837085 Default main: select: Bad file descriptor 122053.847123 Default main: select: Bad file descriptor I have seen this Bad file descriptor on friday too, after a reboot of the machine, it dissapeared. Unfortunately I do not know, what the problem was and how it got fixed by the reboot. What could cause the Bad file descriptor error message? Do I can fix it, with raising some sysctl values or raising values in /etc/login.conf? A pointer in the right direction would be great. Just rebooting does not work kind regards Sebastian
Re: isakmpd Default main: select: Bad file descriptor
On Mon, Mar 12 2007 at 44:12, Sebastian Reitenbach wrote: Hi list, Hi, I try to setup ipsec with isakmpd -K and ipsecctl on a OpenBSD 4.0 host. I had it running on friday, using the following configuration: ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \ local 24.24.24.24 peer 42.173.16.1 \ main auth hmac-md5 enc aes group grp2 \ quick auth hmac-md5 enc aes group grp2 \ psk MySekret I opened a bug when the symetric encryptin is set to AES. I found the same behavior as yours. I didn't took the time to investigate but changing the encryption to 3des resolved the issue. There is certainly an error in the ipsecctl generated output for isakmpd. regards, Claer I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and then I immediately get a Bad file descriptor, see below: 122049.815507 UI 30 ui_config: C set [Phase 1]:42.173.16.1=peer-42.173.16.1 force 122049.815901 UI 30 ui_config: C set [peer-42.173.16.1]:Phase=1 force 122049.815971 UI 30 ui_config: C set [peer-42.173.16.1]:Address=42.173.16.1 force 122049.816031 UI 30 ui_config: C set [peer-42.173.16.1]:Local-address=212.204.56.174 force 122049.816141 UI 30 ui_config: C set [peer-42.173.16.1]:Authentication=MySekret force 122049.816202 UI 30 ui_config: C set [peer-42.173.16.1]:Configuration=mm-42.173.16.1 force 122049.816297 UI 30 ui_config: C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT force 122049.816366 UI 30 ui_config: C add [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force 122049.816467 Default main: select: Bad file descriptor 122050.817017 Default main: select: Bad file descriptor 122051.827071 Default main: select: Bad file descriptor 122052.837085 Default main: select: Bad file descriptor 122053.847123 Default main: select: Bad file descriptor I have seen this Bad file descriptor on friday too, after a reboot of the machine, it dissapeared. Unfortunately I do not know, what the problem was and how it got fixed by the reboot. What could cause the Bad file descriptor error message? Do I can fix it, with raising some sysctl values or raising values in /etc/login.conf? A pointer in the right direction would be great. Just rebooting does not work kind regards Sebastian