Re: isakmpd and INVALID_COOKIE

2011-07-09 Thread Paul Suh
Hmm.. sounds like this might be a candidate for -STABLE? --Paul On Jul 8, 2011, at 10:09 AM, Stuart Henderson wrote: On 2011-07-08, Tony Sarendal t...@polarcap.org wrote: If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull up src/sbin/isakmpd/dh.c to r1.14 otherwise you

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread Tony Sarendal
On Mon, Jul 4, 2011 at 4:12 PM, rancor theran...@gmail.com wrote: Ah =) Thanks! // rancor 2011/7/4 Stuart Henderson s...@spacehopper.org: On 2011-07-02, rancor theran...@gmail.com wrote: Hi. I have two separate ipsec tunnels from 4.9 boxes and both are generating this message i

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread rancor
We are not using the tunnels for production use yet and have not started to measure uptime but we will do it soon. I have not noticed any problem when Im using the tunnels, only the messages. How ever. I was recommended by Stuart to pull up src/sbin/isakmpd/dh.c to 1.14 since there is a bug that

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread Stuart Henderson
On 2011-07-08, Tony Sarendal t...@polarcap.org wrote: If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly see problems from time to time. Is this a cosmetic thing or does it affect connectivity ? dh.c r1.14

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread Tony Sarendal
On Fri, Jul 8, 2011 at 4:09 PM, Stuart Henderson s...@spacehopper.orgwrote: On 2011-07-08, Tony Sarendal t...@polarcap.org wrote: If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly see problems from time to

Re: isakmpd and INVALID_COOKIE

2011-07-04 Thread Stuart Henderson
On 2011-07-02, rancor theran...@gmail.com wrote: Hi. I have two separate ipsec tunnels from 4.9 boxes and both are generating this message i /var/log/messages once every hour or two Jul 2 08:14:54 hostname isakmpd[28247]: message_recv: invalid cookie(s) 576scrambled03c2 Jul 2 08:14:54

Re: isakmpd and INVALID_COOKIE

2011-07-04 Thread rancor
Ah =) Thanks! // rancor 2011/7/4 Stuart Henderson s...@spacehopper.org: On 2011-07-02, rancor theran...@gmail.com wrote: Hi. I have two separate ipsec tunnels from 4.9 boxes and both are generating this message i /var/log/messages once every hour or two Jul 2 08:14:54 hostname

isakmpd and INVALID_COOKIE

2011-07-02 Thread rancor
Hi. I have two separate ipsec tunnels from 4.9 boxes and both are generating this message i /var/log/messages once every hour or two Jul 2 08:14:54 hostname isakmpd[28247]: message_recv: invalid cookie(s) 576scrambled03c2 Jul 2 08:14:54 hostname isakmpd[28247]: dropped message from x.x.x.x port