[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openikev2-users
Subject:    [openikev2-users] Can't get ping to go thru when openikev2 is
From:       alejandro_perez () dif ! um ! es (Alejandro =?ISO-8859-1?Q?P=E9rez_M=E9ndez?=)
Date:       2006-12-14 1:02:22
Message-ID: 1166054604.5124.8.camel () isabel
[Download RAW message or body]

Hi Sue,
see inline

> Hi
>  
> I have openikev2 and my ikev2 setup to run tunnel mode. I could ping
> just fine if I initiate from my ikev2 but if I flush everything and
> ping from openikev2 first, the ping will never go thru.
>  
> Attached is the log and the setkey -D, DP. The key seems to be
> generate correctly and openike will stay at line
> Alarm=[B8:93:3D:09]: Alarm reset

The problems seems to be related with the negotiated selectors. The
negotiated CHILD only accepts ECHO request (type 8) and not ECHO replies
(type 0). This bug will be solved in the next version of openikev2, that
will be released soon.

>  
> If I ctrl+break openikev2, then it will show the error 
> [ERROR] IKE_SA=[01:00:00:00:00:00:00:00]: Exception: Message: Parsing:
> PAYLOAD_DEL: spi_size = 0, spi_count != 0.
>  
> Could you tell me if this error has anything do with the failure?

It seems the other IKEv2 implementation is responding to the DELETE
exchange with an malformed DELETE PAYLOAD. The SPI_SIZE is 0 but the
SPI_COUNT != 0.

Regards,
Alejandro

[prev in list] [next in list] [prev in thread] [next in thread]