
isakmpd & "DELETE" message




I'm trying to set up a VPN between my home box/private home network and
my work network.  Everything seems to work for a while, but then I start
getting log messages like the following:

Jun 11 13:35:53 box isakmpd: pf_key_v2_delete_spi: DELETE: No such process
Jun 11 13:35:53 box last message repeated 3 times

Both boxes are running OpenBSD-current (cvs up'ed as of this weekend).

I have complete logs (using -d -D0=99 -D1=99 -D2=99 -D3=99 -D4=99
-D5=99) of one of these events (from both gateways).  Unfortunately,
it seems to want to take a while when I have the debugging going, so
each logfile is about 1.5MB after bzip2'ing them.  I'm a bit
uncomfortable sharing the detailed network info, but I'd be happy to
send them to someone recognizably OpenBSD-related.

What else should I be looking at?  Is the configuration I'm using
"sane"?  I'm going to "cvs up" both boxes again, but unless this is
something that has been fixed in the last couple of days...

The documentation is a little vague about how to set this up, but after
some experimentation I came up with something along these lines
(names/IPs changed and with the rest of the file identical to the
example "VPN-west.conf"):

[General]
Retransmits=            5
Exchange-max-time=      120
Listen-on=              1.0.0.1

# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
2.0.0.1=         ISAKMP-peer-pei

# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants
# to pass over them.  This means we can do on-demand keying.
[Phase 2]
Connections=            IPsec-home-work,IPsec-home-private-work

[ISAKMP-peer-pei]
Phase=                  1
Transport=              udp
Address=                2.0.0.1
Configuration=          Default-main-mode
Authentication=         randomjunkhere
Flags=                  Stayalive

[IPsec-home-work]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-pei
Configuration=          Default-quick-mode
Local-ID=               Net-home
Remote-ID=              Net-work
Flags=                  Stayalive

[IPsec-home-private-work]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-pei
Configuration=          Default-quick-mode
Local-ID=               Net-home-private
Remote-ID=              Net-work
Flags=                  Stayalive

[Net-work]
ID-type=                IPV4_ADDR_SUBNET
Network=                2.0.0.0
Netmask=                255.255.255.0

[Net-home]
ID-type=                IPV4_ADDR
Address=                1.0.0.1
#Netmask=               255.255.255.255

[Net-home-private]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.1.0
Netmask=                255.255.255.0