Re: isakmpd & "DELETE" message

[Håkan Olsson <ho@gbg.netman.se>]

On Fri, 11 Jun 1999 henric@ncal.verio.com wrote:

> 
> I'm trying to set up a VPN between my home box/private home network and
> my work network.  Everything seems to work for a while, but then I start
> getting log messages like the following:
> 
> Jun 11 13:35:53 box isakmpd: pf_key_v2_delete_spi: DELETE: No such
> process
> Jun 11 13:35:53 box last message repeated 3 times
> 

Hi.

The message you are seeing is isakmpd trying to clean up old SPIs that the
kernel already has expired. I.e it is not an error, just a "notice". (We
probably will change that message to be visible only when using the
debugging flags.)

The VPN itself should still be working, right?

...
> What else should I be looking at?  Is the configuration I'm using
> "sane"?  I'm going to "cvs up" both boxes again, but unless this is
> something that has been fixed in the last couple of days...
...

Your configuration file looks fine, I think.
(The [General]:'Listen-on' probably isn't required, still, YMMV.)

And FYI, the "Stayalive" flag for phase 1 and phase 2 SAs will be removed
in a upcoming release (not committed yet), as this logic will be managed
by the "Connections" (plus "Passive-connections") abstraction instead.

//Håkan

--
Håkan Olsson           Email: hakan@netman.se   Fax: (+46)31 779 7844
Network Management AB  Tel  : (+46)31 779 7840  Mob: (+46)708 437 337

PGP bits/KeyID  : 1024/CED5D55 1998/02/13 Hakan Olsson <ho@netman.se>
Key fingerprint :     4D 50 9F 03 ED A9 37 BD B6 16 96 59 22 C9 85 1D