[vpn-help] -12 against ipsec-tools 0.6.6
Matthew Grooms
mgrooms at shrew.net
Wed Aug 9 16:47:49 CDT 2006
Peter,
I assume this is an unrelated problem? It looks like an issue with the
DHCP interaction between the client and the os.
> ii : inspecting VNet ARP request ...
> ii : inspecting VNet ARP request ...
> ii : inspecting VNet ARP request ...
> ii : inspecting VNet DHCP packet ...
> !! : DHCP message type is invalid ( 8 )
> ii : inspecting VNet DHCP packet ...
> !! : DHCP message type is invalid ( 8 )
>
By submitting this log you helped me fix a different bug all together.
The sequence below should not happen and required a fix ...
> ii : resending ip packet
> <- : recv IKE packet from 10.1.101.26:500 ( 92 bytes )
> DB : ipsec peer found
> DB : phase1 sa found
> DB : config found
> =< : decrypt iv ( 8 bytes )
> <= : decrypt packet ( 92 bytes )
> == : stored iv ( 8 bytes )
> << : hash payload
> !! : invalid hash size ( 18079 != 16 )
> DB : config dereferenced ( ref count = 0, config count = 1 )
> DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
> DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
> ii : resending ip packet
> <- : recv IKE packet from 10.1.101.26:500 ( 92 bytes )
> DB : ipsec peer found
> DB : phase1 sa found
> DB : config found
> =< : decrypt iv ( 8 bytes )
> <= : decrypt packet ( 92 bytes )
> == : stored iv ( 8 bytes )
> << : hash payload
> !! : invalid hash size ( 30324 != 16 )
... Here is the commit log ...
Clear the resend queue when the modecfg configuration is complete. This
was causing multiple configuration exchanges to occur after we already
received a response from the server. This error was noticed while
reviewing a log submitted by Peter Eisch.
... and an updated package has been uploaded to the same location.
http://www.shrew.net/vpn/vpn-client-1.0-rc-2.exe
Could you enable the "Packet Dump for Private interface Traffic" which
should show the DHCP conversation and send it to me please. I would like
to see whats going on there.
Thanks again for the excellent feedback,
-Matthew
More information about the vpn-help
mailing list