So i stopped ipsec, applied the patch, ran make programs and sudo make install, and restarted ipsec. I still get the same message about the unknown value 16777216
On Sun, Jan 11, 2015 at 9:24 PM, Paul Wouters <[email protected]> wrote: > On Sun, 11 Jan 2015, Ali Gangji wrote: > > Date: Sun, 11 Jan 2015 12:47:04 >> 004 "ner" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY >> cipher=aes_256 integ=sha group=MODP1024} >> > > So this is good. phase1 is up. Better than your phase1 errors before. > > 117 "ner" #2: STATE_QUICK_I1: initiate >> > > starting phase2.... > > 003 "ner" #2: DOI of ISAKMP Notification Payload has an unknown value: >> 16777216 >> > > So the DOI (Domain of Interpretation) is a 4 octet value. It can either > contain 0 for ISAKMP or 1 for IPsec. > > See: http://www.iana.org/assignments/ipsec-registry/ > ipsec-registry.xhtml#ipsec-registry-19 > > So 16777216 is pretty wrong. Note that this value in hex is 0x1000000. > So this makes be believe that the other end screwed up network and host > order: > > $ python > Python 2.7.5 (default, Nov 3 2014, 14:33:39) [GCC 4.8.3 20140911 (Red Hat > 4.8.3-7)] on linux2 > Type "help", "copyright", "credits" or "license" for more information. > >> hex(16777216) >>>> >>> '0x1000000' > >> import socket >>>> socket.htonl(1) >>>> >>> 16777216L > > So this looks like an OSX server bug. Please try the attached patch, > > Note this will only ignore their bad value on our end. If you reverse > directions, things might still break if they don't like a real 1 and > insist on 16777216. > > Paul
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
