Re: Restart of ISAKMPd Introduces Erroneous Routes
At 00:55 19.02.2004, Jim Henderson wrote:
>Now here's where it gets interesting. isakmpd starts fine. But after a
>few seconds, I get a few messages like this on the console:
># Feb 18 15:48:20 bsdawg isakmpd: message_recv: invalid cookie(s)
>Feb 18 15:48:20 bsdawg isakmpd: dropped message from 192.168.1.30
>port 500 due to notification type INVALID_COOKIE
>And then *all* network connections *except* the VPN tunnel do not work
>anymore. This *includes* normal IPv4.
We experience exactly the same behaviour (IPSEC/ESP + "regular" IP4 dead on all
network interfaces). This happens once in a while when a) restarting isakmpd
while VPN connections exist or b) even without restarting isakmpd, maybe due to
funny Windows 2000 clients.
Quick & dirty solution: periodically (5 min cron job) ping any local IP in your
network -> no response -> "ipsecadm flush"
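
The cron workaround from the reply above, written out as a watchdog script (an added example, not code from the post or from OpenBSD). The probe address, state file path, script path and the consecutive-miss threshold are assumptions; the threshold goes beyond the post, which flushes on the first missed ping (set THRESHOLD=1 for that behaviour).

```sh
#!/bin/sh
# ipsec-watchdog.sh: ping a local host; after THRESHOLD consecutive misses,
# run "ipsecadm flush" and log that it happened.
# Hypothetical crontab entry (script path is an assumption):
#   */5 * * * * /usr/local/sbin/ipsec-watchdog.sh run

PROBE_IP="${PROBE_IP:-192.0.2.1}"        # placeholder: a local host that always answers
THRESHOLD="${THRESHOLD:-2}"              # assumption: misses required before flushing
STATE="${STATE:-/var/run/ipsec-watchdog.count}"   # assumption: miss counter file
PING_CMD="${PING_CMD:-ping -c 1 -w 2}"   # one probe, two second wait
FLUSH_CMD="${FLUSH_CMD:-ipsecadm flush}" # the command named in the post

# Returns 0 if the probe answered, 1 if it missed but the threshold is not
# reached yet, 2 if the threshold was reached and the flush was run.
watchdog_check() {
    fails=0
    [ -r "$STATE" ] && fails=$(cat "$STATE")
    fails=${fails:-0}

    if $PING_CMD "$PROBE_IP" >/dev/null 2>&1; then
        echo 0 > "$STATE"                # healthy: reset the miss counter
        return 0
    fi

    fails=$((fails + 1))
    if [ "$fails" -ge "$THRESHOLD" ]; then
        # Leave a syslog trail so each flush can be correlated with the
        # INVALID_COOKIE messages and isakmpd restarts afterwards.
        logger -t ipsec-watchdog \
            "no reply from $PROBE_IP after $fails probes; running: $FLUSH_CMD"
        $FLUSH_CMD
        echo 0 > "$STATE"
        return 2
    fi

    echo "$fails" > "$STATE"             # remember the miss for the next run
    return 1
}

# Only act when invoked as "ipsec-watchdog.sh run", so the file can also be
# sourced for testing without touching the SAs.
case "${1:-}" in
    run) watchdog_check ;;
esac
```
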