
isakmpd : flow negotiation and null source




I am attempting to set up an IPSEC VPN between 2 OBSD boxen (one running
3.3, the other running 3.4). I began by using the default files in
/usr/share/ipsec for the policy and configuration (east and west) and
modified the ip-addresses to the appropriate public gateways for my two
systems. Following the info in man vpn, I also have configured my
pf.conf to allow esp and udp from port 500 bidirectionally. Everything
seems fine up to this point. Once isakmpd is started, negotiation seems
to proceed normally (as evidenced by the output of cat /kern/ipsec).

There is a problem, however, communicating between the two nodes. The
output of one end shows the following output for the source address:

SPI = a506f1e1, Destination = xx.xx.xx.xx, Sproto = 50
~        Established 438 seconds ago
~        Source = (null)       #THIS IS NOT CORRECT
~        Flags (00001082) = <tunneling>
~        Crypto ID: 2
~        xform = <IPsec ESP>
~                Encryption = <Rijndael-128/AES>
~                Authentication = <HMAC-SHA1>
~        0 bytes processed by this SA
~        Expirations:
~                Hard expiration(1) in 762 seconds
~                Soft expiration(1) in 642 seconds


On one end (the OBSD 3.3 gateway) all the addresses are shown correctly.
It is only on the OBSD 3.4 gateway that this trouble exists. As it
stands, I cannot ping from either end of the VPN.

Any help resolving this issue would be greatly appreciated.

Mel Llaguno