[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf_key_v2_get_spi: GETSPI: Operation not supported

To: Rafael Coninck Teigao <rafael@SafeCore.NET>
Subject: Re: pf_key_v2_get_spi: GETSPI: Operation not supported
From: Hakan Olsson <ho@crt.se>
Date: Fri, 15 Feb 2002 09:57:36 +0100 (MET)
Cc: OpenBSD Misc <misc@openbsd.org>

Looks like you have ESP disabled.

I.e do 'sysctl -w net.inet.esp.enable=1', and look in /etc/sysctl.conf to
make it permanent (in 3.0 and up, it's enabled by default).

You didn't perhaps routinely remove the '#' before that line in
sysctl.conf after a new build? Previously required to enabled IPsec/ESP,
but now in 3.0, disables it instead. This bit me once. :)

/H

On Thu, 14 Feb 2002, Rafael Coninck Teigao wrote:

> Hi,
>     I'm getting this error in isakmpd phase 2 while talking to a SSH
> Sentinel:
>
> 185446.573956 Negt 30 message_negotiate_sa: transform 1 proto 3 proposal
> 1 ok
> 185446.574001 Negt 30 message_negotiate_sa: transform 1 proto 4 proposal
> 1 ok
> 185446.574791 Negt 30 message_negotiate_sa: proposal 1 succeeded
> 185446.575432 Default pf_key_v2_get_spi: GETSPI: Operation not supported
>
> 185446.575491 Default exchange_run: doi->responder (0x121c00) failed
...

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB

Follow-Ups:
- Re: pf_key_v2_get_spi: GETSPI: Operation not supported
  - From: Rafael Coninck Teigao <rafael@SafeCore.NET>

References:
- pf_key_v2_get_spi: GETSPI: Operation not supported
  - From: Rafael Coninck Teigao <rafael@SafeCore.NET>

Prev by Date: PF Question about return-icmp packets ... (Asheron's Call)
Next by Date: Re: PF Question about return-icmp packets ... (Asheron's Call)
Prev by thread: pf_key_v2_get_spi: GETSPI: Operation not supported
Next by thread: Re: pf_key_v2_get_spi: GETSPI: Operation not supported
Index(es):
- Date
- Thread