[Openswan Users] OpenBSD interop problem

Ken Bantoft ken at xelerance.com
Mon May 10 23:00:14 CEST 2004



You might also try plutodebug=control in ipsec.conf to see what the 
various logging messages say about key_lens while parsing the packets.

Try commenting out the passert() call, and seeing what happens - this 
might be a temporary fix



On Mon, 10 May 2004, Nels Lindquist wrote:

> Hi there.
> 
> I'm trying to get OpenSWAN v1.0.3 to talk to OpenBSD.  Things are
> very close to working; Main mode works, SA established.
> 
> However, right after "responding to Quick Mode" I see the following
> error, and then pluto restarts:
> 
> > ip-39 pluto[3382]: "maei-darrnet" #11: ASSERTION FAILED at
> > kernel.c:2222: st->st_esp.keymat_len == key_len + ei->authkeylen
> > ip-39 ipsec__plutorun: Restarting Pluto subsystem...
> 
> I set things up according to Hans-Jörg Höxer's HOWTO at
> http://www.rommel.stw.uni-erlangen.de/~hshoexer/ipsec-
> howto/HOWTO.html
> 
> I'm using the following algorithms for esp on the Linux side:
> 
> > esp=aes128-sha1,aes128-md5,3des-md5
> 
> I have no problem connecting to Linux SFS or Windows (still working
> on NAT traversal there, though... :-)
> 
> How can I diagnose this problem?

-- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson




More information about the Users mailing list