On Mon, Jul 4, 2011 at 4:12 PM, rancor <theran...@gmail.com> wrote: > Ah =) Thanks! > > // rancor > > 2011/7/4 Stuart Henderson <s...@spacehopper.org>: > > On 2011-07-02, rancor <theran...@gmail.com> wrote: > >> Hi. > >> > >> I have two separate ipsec tunnels from 4.9 boxes and both are > >> generating this message i /var/log/messages once every hour or two > >> Jul 2 08:14:54 <hostname> isakmpd[28247]: message_recv: invalid > >> cookie(s) 576<scrambled>03c2 > >> Jul 2 08:14:54 <hostname> isakmpd[28247]: dropped message from > >> x.x.x.x port 500 due to notification type INVALID_COOKIE > >> > >> The tunnels works perfect but I still wounder why I got this message. > >> > >> This is my ipsec.conf on host x > >> ike esp transport from x.x.x.x to y.y.y.y psk <scrambled> > >> > >> and on host y > >> ike esp transport from y.y.y.y to x.x.x.x psk <scrambled> > >> > >> Any idea? > >> > >> Best regards rancor > >> > >> > > > > If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull > > up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly > > see problems from time to time. >
Is this a cosmetic thing or does it affect connectivity ? We are having issues with gaps in connectivity on our ipsec links with a basic ike setup, an issue we're starting to look into now. Regards Tony
