
Re: Restart of ISAKMPd Introduces Erroneous Routes



At 00:55 19.02.2004, Jim Henderson wrote:
>Now here's where it gets interesting.  isakmpd starts fine.  But after a 
>few seconds, I get a few messages like this on the console:
># Feb 18 15:48:20 bsdawg isakmpd[10520]: message_recv: invalid cookie(s) 
>582d91798d782196 5e0f198563f05a2f
>Feb 18 15:48:20 bsdawg isakmpd[10520]: dropped message from 192.168.1.30 
>port 500 due to notification type INVALID_COOKIE
>
>And then *all* network connections *except* the VPN tunnel do not work 
>anymore.  This *includes* normal IPv4.


Hi all,

We experience exactly the same behaviour (IPSEC/ESP + "regular" IP4 dead on all
network interfaces). This happens once in a while when a) restarting isakmpd
while VPN connections exist or b) even without restarting isakmpd, maybe due to
funny Windows 2000 clients.

Quick & dirty solution: periodically (5 min cronjob) ping any local IP in your
network -> no response -> "ipsecadm flush"

PG
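
The workaround described in the reply above, sketched as a cron-driven shell script. This is an added example, not part of the original post: the probe address (a placeholder), retry count, delay, `logger` tag and script path are assumptions, and it goes beyond the single ping in the post by requiring several failed probes so one lost packet does not trigger a flush.

```shell
#!/bin/sh
# Added example (not from the original post): watchdog for the
# "ping a local IP, no response -> ipsecadm flush" workaround.
# All defaults below are assumptions; override them from the environment.
PROBE_IP="${PROBE_IP:-192.0.2.1}"        # placeholder: a local host that always answers ping
RETRIES="${RETRIES:-3}"                  # failed probes required before flushing
RETRY_DELAY="${RETRY_DELAY:-5}"          # seconds between probes
PING_CMD="${PING_CMD:-ping -c 1 -w 2}"   # one echo request, short wait
FLUSH_CMD="${FLUSH_CMD:-ipsecadm flush}" # the command named in the post

# Return 0 as soon as one probe is answered, 1 if all $RETRIES probes fail.
probe_ok() {
    attempt=1
    while :; do
        if $PING_CMD "$PROBE_IP" >/dev/null 2>&1; then
            return 0
        fi
        if [ "$attempt" -ge "$RETRIES" ]; then
            return 1
        fi
        attempt=$((attempt + 1))
        sleep "$RETRY_DELAY"
    done
}

# One watchdog pass. Prints "ok", "flushed" or "flush-failed".
watchdog_check() {
    if probe_ok; then
        echo ok
        return 0
    fi
    # Leave a syslog trail so each flush can be matched against isakmpd's
    # own messages (for example the INVALID_COOKIE drops quoted above).
    logger -t ipsec-watchdog \
        "no reply from $PROBE_IP after $RETRIES probes, running: $FLUSH_CMD" \
        2>/dev/null || true
    # Flushing removes the kernel's SAs, so working tunnels must renegotiate.
    if $FLUSH_CMD; then
        echo flushed
    else
        echo flush-failed
        return 1
    fi
}

# Cron entry for the 5-minute interval in the post (script path is hypothetical):
# */5 * * * * WATCHDOG_RUN=1 /usr/local/sbin/ipsec-watchdog.sh >/dev/null
if [ "${WATCHDOG_RUN:-0}" = 1 ]; then
    watchdog_check
fi
```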