<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-2" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
I have done some test with openswan 2.3.1 on RHEL3...<br>
<br>
<br>
<b>1) Router on other side was misconfigured, but never received this
notification from openswan (with 2.2.0 notification is send): </b><br>
<br>
May 5 10:08:15 ircgate1 pluto[13695]: "aix" #20: cannot respond to
IPsec SA request because no connection is known for
192.168.1.0/24===193.xx.yy.zz...213.xx.yy.zz===10.10.0.0/16<br>
May 5 10:08:15 ircgate1 pluto[13695]: "aix" #20: sending encrypted
notification INVALID_ID_INFORMATION to 213.xx.yy.zz:500<br>
May 5 10:08:15 ircgate1 pluto[13695]: "aix" #20: failed to build
notification for spisize=0<br>
<br>
<b>2) Openswan received this error (what is DOI_NOT_SUPPORTED ?) -
pluto crashed after that (2.2.0 doesn't crash).</b><br>
<br>
May 5 10:06:05 ircgate1 pluto[9780]: packet from 213.xx.yy.zz:500:
ignoring informational payload, type DOI_NOT_SUPPORTED<br>
May 5 10:06:16 ircgate1 ipsec__plutorun: Restarting Pluto subsystem...<br>
<br>
<b>3) Have experimented with SoftRemoteLT v10 - and have enabled
compression (deflate) - but pluto crashed (2.2.0 doesn't crash):</b><br>
<br>
May 4 22:24:05 ircgate1 pluto[8037]: "cab_mitja" #42: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
May 4 22:24:05 ircgate1 pluto[8037]: "cab_mitja" #42: sent MR3, ISAKMP
SA established<br>
May 4 22:24:08 ircgate1 pluto[8037]: "cab_mitja" #43: ERROR:
netlink_get_spi for <a class="moz-txt-link-abbreviated" href="mailto:comp.0@193.xx.yy.zz">comp.0@193.xx.yy.zz</a> failed with errno 22: Invalid
argument<br>
May 4 22:24:08 ircgate1 pluto[8037]: "cab_mitja" #43: responding to
Quick Mode {msgid:f318b50f}<br>
May 4 22:24:08 ircgate1 pluto[8037]: "cab_mitja" #43: ERROR: netlink
response for Add SA <a class="moz-txt-link-abbreviated" href="mailto:comp.0@193.xx.yy.zz">comp.0@193.xx.yy.zz</a> included errno 3: No such
process<br>
May 4 22:24:08 ircgate1 pluto[8037]: | add_sa ipcomp failed<br>
May 4 22:24:38 ircgate1 pluto[8037]: "cab_mitja" #43: ASSERTION FAILED
at crypto.c:219: st->st_new_iv_len >= e->enc_blocksize<br>
<br>
<br>
It looks, that 2.3.1 is much more unstable as 2.2.0.<br>
Someone with the same problems? Or is this only RHEL3 specific?<br>
<br>
Mitja<br>
</body>
</html>