[Openswan Users] OpenBSD interop problem

Nels Lindquist nlindq at maei.ca
Wed May 12 15:12:42 CEST 2004


On 10 May 2004 at 22:00, Ken Bantoft wrote:

> You might also try plutodebug=control in ipsec.conf to see what the 
> various logging messages say about key_lens while parsing the packets.

I enabled pluto control debugging and compared two sections of my 
logfile, one where OpenBSD is trying to connect and the problem 
occurs, and the other is a connection from SFS on Linux.

First, Linux:

> ip-39 pluto[22796]: "rw-rapier" #4: responding to Quick Mode
> ip-39 pluto[22796]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3):
> a_keylen=20 
> ip-39 pluto[22796]: | route owner of "rw-rapier" CK_PERMANENT
> unrouted: NULL; eroute owner: NULL 
> ip-39 pluto[22796]: | add inbound eroute 68.148.225.89/32:0 ->
> 206.75.202.39/32:0 => tun.1003 at 206.75.202.39:0 
> ip-39 pluto[22796]: "rw-rapier" #4: transition from state (null) to
> state STATE_QUICK_R1 
> ip-39 pluto[22796]: | inserting event EVENT_RETRANSMIT, timeout in 10
> seconds for #4 
> ip-39 pluto[22796]: | next event EVENT_RETRANSMIT in 10 seconds for #4

Next, OpenBSD:

> ip-39 pluto[18383]: "maei-darrnet" #4: responding to Quick Mode
> ip-39 pluto[18383]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3):
> a_keylen=20 
> ip-39 pluto[18383]: | route owner of "maei-darrnet" CK_PERMANENT
> unrouted: NULL 
> ip-39 pluto[18383]: | route owner of "maei-darrnet" CK_PERMANENT
> unrouted: NULL; eroute owner: NULL 
> ip-39 pluto[18383]: | keymat_len=36 key_len=32 authkeylen=20 
> ip-39 pluto[18383]: "maei-darrnet" #4: ASSERTION FAILED at
> kernel.c:2222: st->st_esp.keymat_len == key_len + ei->authkeylen 
> ip-39 ipsec__plutorun: Restarting Pluto subsystem... 

The kernel_alg_esp_auth_keylen stuff actually appears to be the same! 
The difference appears in the "route owner of..." line.
 
> Try commenting out the passert() call, and seeing what happens - this 
> might be a temporary fix

What does the passert() call do?

I'll get my box recompiling, I guess.  That'll take a while. :-)

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
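
Added example, not part of the original message and not Openswan code: a small Python checker that re-joins the mail-wrapped pluto debug lines and evaluates the condition named in the assertion (keymat_len == key_len + authkeylen) for each logged triple. The sample text is constructed from the OpenBSD excerpt above; the function names and the "implied_enc_key_len" field (simply keymat_len minus authkeylen) are this example's own.

```python
import re

# Constructed sample: the OpenBSD excerpt as it appears in the mail,
# still "> "-quoted and hard-wrapped by the mail client.
SAMPLE = '''\
> ip-39 pluto[18383]: | keymat_len=36 key_len=32 authkeylen=20 
> ip-39 pluto[18383]: "maei-darrnet" #4: ASSERTION FAILED at
> kernel.c:2222: st->st_esp.keymat_len == key_len + ei->authkeylen 
> ip-39 ipsec__plutorun: Restarting Pluto subsystem... 
'''

KEYLEN = re.compile(r"pluto\[(\d+)\]: \| keymat_len=(\d+) key_len=(\d+) authkeylen=(\d+)")
FAILED = re.compile(r'pluto\[(\d+)\]: "([^"]+)" #\d+: ASSERTION FAILED at (\S+):')

def unwrap(text):
    """Strip mail quoting and re-join wrapped lines into one record each."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        # A new record carries the daemon tag; anything else is a continuation.
        if "pluto[" in line or "ipsec__plutorun" in line or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def check_keymat(text):
    """Return one finding per record where keymat_len != key_len + authkeylen."""
    findings, pending = [], {}
    for rec in unwrap(text):
        m = KEYLEN.search(rec)
        if m:
            pid, keymat, key, auth = m.group(1), *(int(g) for g in m.groups()[1:])
            if keymat != key + auth:
                pending[pid] = {"pid": pid, "conn": None, "at": None,
                                "keymat_len": keymat, "expected": key + auth,
                                "implied_enc_key_len": keymat - auth}
                findings.append(pending[pid])
            continue
        # Attach the connection name and source location from the assertion
        # line that the same pluto process logs next.
        m = FAILED.search(rec)
        if m and m.group(1) in pending:
            pending.pop(m.group(1)).update(conn=m.group(2), at=m.group(3))
    return findings

if __name__ == "__main__":
    for finding in check_keymat(SAMPLE):
        print(finding)
```

On the logged values the check fails because 36 is not 32 + 20; the 36 bytes of keying material leave 16 bytes for the cipher key once the 20-byte auth key is subtracted.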


