Re: isakmpd and INVALID_COOKIE

2011-07-09 Thread Paul Suh
Hmm.. sounds like this might be a candidate for -STABLE? --Paul On Jul 8, 2011, at 10:09 AM, Stuart Henderson wrote: > On 2011-07-08, Tony Sarendal wrote: If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certain

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread Tony Sarendal
On Fri, Jul 8, 2011 at 4:09 PM, Stuart Henderson wrote: > On 2011-07-08, Tony Sarendal wrote: > >> > If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull > >> > up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly > >> > see problems from time to time. > >> > > > > Is thi

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread Stuart Henderson
On 2011-07-08, Tony Sarendal wrote: >> > If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull >> > up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly >> > see problems from time to time. >> > > Is this a cosmetic thing or does it affect connectivity ? dh.c r1.14 affects

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread rancor
We are not using the tunnels for production use yet and have not started to measure uptime but we will do it soon. I have not noticed any problem when Im using the tunnels, only the messages. How ever. I was recommended by Stuart to pull up src/sbin/isakmpd/dh.c to 1.14 since there is a bug that a

Re: isakmpd and INVALID_COOKIE

2011-07-08 Thread Tony Sarendal
On Mon, Jul 4, 2011 at 4:12 PM, rancor wrote: > Ah =) Thanks! > > // rancor > > 2011/7/4 Stuart Henderson : > > On 2011-07-02, rancor wrote: > >> Hi. > >> > >> I have two separate ipsec tunnels from 4.9 boxes and both are > >> generating this message i /var/log/messages once every hour or two >

Re: isakmpd and INVALID_COOKIE

2011-07-04 Thread rancor
Ah =) Thanks! // rancor 2011/7/4 Stuart Henderson : > On 2011-07-02, rancor wrote: >> Hi. >> >> I have two separate ipsec tunnels from 4.9 boxes and both are >> generating this message i /var/log/messages once every hour or two >> Jul 2 08:14:54 isakmpd[28247]: message_recv: invalid >> cookie(

Re: isakmpd and INVALID_COOKIE

2011-07-04 Thread Stuart Henderson
On 2011-07-02, rancor wrote: > Hi. > > I have two separate ipsec tunnels from 4.9 boxes and both are > generating this message i /var/log/messages once every hour or two > Jul 2 08:14:54 isakmpd[28247]: message_recv: invalid > cookie(s) 57603c2 > Jul 2 08:14:54 isakmpd[28247]: dropped message