On 2011-07-02, rancor <theran...@gmail.com> wrote: > Hi. > > I have two separate ipsec tunnels from 4.9 boxes and both are > generating this message i /var/log/messages once every hour or two > Jul 2 08:14:54 <hostname> isakmpd[28247]: message_recv: invalid > cookie(s) 576<scrambled>03c2 > Jul 2 08:14:54 <hostname> isakmpd[28247]: dropped message from > x.x.x.x port 500 due to notification type INVALID_COOKIE > > The tunnels works perfect but I still wounder why I got this message. > > This is my ipsec.conf on host x > ike esp transport from x.x.x.x to y.y.y.y psk <scrambled> > > and on host y > ike esp transport from y.y.y.y to x.x.x.x psk <scrambled> > > Any idea? > > Best regards rancor > >
If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly see problems from time to time.
