[Openswan Users] 2.3.1 vs 2.2.0

Mitja Sladovic mitja at rageofdivine.net
Fri May 6 15:25:47 CEST 2005 

Hi,

I have done some test with openswan 2.3.1 on RHEL3...


*1) Router on other side was misconfigured, but never received this 
notification from openswan (with 2.2.0 notification is send): *

May  5 10:08:15 ircgate1 pluto[13695]: "aix" #20: cannot respond to 
IPsec SA request because no connection is known for 
192.168.1.0/24===193.xx.yy.zz...213.xx.yy.zz===10.10.0.0/16
May  5 10:08:15 ircgate1 pluto[13695]: "aix" #20: sending encrypted 
notification INVALID_ID_INFORMATION to 213.xx.yy.zz:500
May  5 10:08:15 ircgate1 pluto[13695]: "aix" #20: failed to build 
notification for spisize=0

*2) Openswan received this error (what is DOI_NOT_SUPPORTED ?) - pluto 
crashed after that (2.2.0 doesn't crash).*

May  5 10:06:05 ircgate1 pluto[9780]: packet from 213.xx.yy.zz:500: 
ignoring informational payload, type DOI_NOT_SUPPORTED
May  5 10:06:16 ircgate1 ipsec__plutorun: Restarting Pluto subsystem...

*3) Have experimented with SoftRemoteLT v10 - and have enabled 
compression (deflate) - but pluto crashed (2.2.0 doesn't crash):*

May  4 22:24:05 ircgate1 pluto[8037]: "cab_mitja" #42: transition from 
state STATE_MAIN_R2 to state STATE_MAIN_R3
May  4 22:24:05 ircgate1 pluto[8037]: "cab_mitja" #42: sent MR3, ISAKMP 
SA established
May  4 22:24:08 ircgate1 pluto[8037]: "cab_mitja" #43: ERROR: 
netlink_get_spi for comp.0 at 193.xx.yy.zz failed with errno 22: Invalid 
argument
May  4 22:24:08 ircgate1 pluto[8037]: "cab_mitja" #43: responding to 
Quick Mode {msgid:f318b50f}
May  4 22:24:08 ircgate1 pluto[8037]: "cab_mitja" #43: ERROR: netlink 
response for Add SA comp.0 at 193.xx.yy.zz included errno 3: No such process
May  4 22:24:08 ircgate1 pluto[8037]: | add_sa ipcomp failed
May  4 22:24:38 ircgate1 pluto[8037]: "cab_mitja" #43: ASSERTION FAILED 
at crypto.c:219: st->st_new_iv_len >= e->enc_blocksize


It looks, that 2.3.1 is much more unstable as 2.2.0.
Someone with the same problems? Or is this only RHEL3 specific?

Mitja
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050506/88a24763/attachment.htm

More information about the Users mailing list