[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snap-users
Subject:    (KAME-snap 5055) Re: (snap 20010611) Still have PFS problems
From:       Shoichi Sakane <sakane () kame ! net>
Date:       2001-06-29 8:52:31
[Download RAW message or body]

> If I use 'claim', phase 2 negociation will fail, and I'll have
> the following error in my racoon.log:
> ERROR: isakmp_quick.c:1064:quick_r1recv(): KE payload and PFS attribute
> mismatched. 

to detect what happen, please apply below patch, and try to test with
"claim" for responder.  this will cause the debugging message detail.

thank you.

/Shoichi Sakane @ KAME project/

*** isakmp_quick.c.orig	Thu Jun 28 15:22:04 2001
--- isakmp_quick.c	Fri Jun 29 17:32:33 2001
***************
*** 1052,1061 ****
  	}
  
  	/* check KE and attribute of PFS */
! 	if ((iph2->dhpub_p != NULL && iph2->approval->pfs_group == 0)
! 	 || (iph2->dhpub_p == NULL && iph2->approval->pfs_group != 0)) {
  		plog(LLV_ERROR, LOCATION, NULL,
! 			"KE payload and PFS attribute mismatched.\n");
  		error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
  		goto end;
  	}
--- 1052,1066 ----
  	}
  
  	/* check KE and attribute of PFS */
! 	if (iph2->dhpub_p != NULL && iph2->approval->pfs_group == 0) {
  		plog(LLV_ERROR, LOCATION, NULL,
! 			"no PFS is specified, but peer sends KE.\n");
! 		error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
! 		goto end;
! 	}
! 	if (iph2->dhpub_p == NULL && iph2->approval->pfs_group != 0) {
! 		plog(LLV_ERROR, LOCATION, NULL,
! 			"PFS is specified, but peer doesn't sends KE.\n");
  		error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
  		goto end;
  	}

[prev in list] [next in list] [prev in thread] [next in thread]