Re: linux-ipsec: Latest snapshot and 2.0.35

From: Michael H. Warfield <mhw(at)alcove.wittsend.com>
Date: Tue Aug 04 1998 - 12:25:46 EDT

        Current notes and observations at bottom...

Richard Guy Briggs enscribed thusly:

> > > 'Fraid not... Just got around to testing both the July31 and the

> > Sigh, it's become clear that I really need a 5.1 system up for testing,

> I will do that soon too with an extra external SCSI disk for testing.

> > > Questions... Should the newer module interoperate with the older

> > Not promised, but likely.

> Usually, but I made a recent change(this week).

        Noted...

> > > Should I be able to unload the ipsec module?

> > Supposed to be possible, yes. Again, might be temporarily broken...

> It should work.

        Confirmed... Does appear to work. My only concern was over the struggles I was having trying to get the utilities to work. That now appears to have been a bug in pluto and some probable syntax errors when typing the tncfg command.

> > Henry Spencer

> slainte mhath, RGB

        Going back to a different message on the RedHat 5.x thread...

> > Still have the header problems in all of the klips/utils files

>	Here is what I had to do...

> 

>	spi.c and spigrp.c - remove the include for  (they cause

> a conflict over htonl and ntohl).

>	tncfg.c - remove the include for 

> 

>	All .c files containing include for  - added include

> for <linux/types.h> if it was not already present (was already there in
> All files now compile on both RedHat 4.x and RedHat 5.x cleanly
> with no additional #ifdef's.

        These fixes haven't made it into the snapshots yet and I forgot to list one addition. The file tncfg.c needs an additional include for <errno.h>. This is not getting included by any of the other headers under Glibc but apparently was under the old headers. Needs an explicit include now. Does no harm under the 4.2 builds.

        I've now gotten to the point where pluto on each end is trying to setup the connection. When I do a "whack 501 {remba} 500" on the system WittSend, I get a bunch of errors on the Rebma system as follows:

] Starting Pluto (FreeS/WAN Version snap1998Aug2)
] not enough room in packet for ISAKMP Proposal Payload
] next payload type of ISAKMP Generic Payload has an unknown value: 184
] malformed payload in packet from {WittsEnd}, port 500
] not enough room in packet for ISAKMP Proposal Payload
] next payload type of ISAKMP Generic Payload has an unknown value: 184
] malformed payload in packet from {WittsEnd}, port 500
] next payload type of ISAKMP Generic Payload has an unknown value: 54
] malformed payload in packet from {WittsEnd}, port 500
] next payload type of ISAKMP Generic Payload has an unknown value: 54
] malformed payload in packet from {WittsEnd}, port 500
] max number of retransmissions(2) reached for {WittsEnd}, port 500
] SA expired for {WittsEnd}, port 500

	{Rebma} == IP address for Rebma on a class C network
	{WittsEnd} == IP address for WittsEnd on a class B network, subnet /24

	I'm about to retest everything with the Aug4 snapshot.  I've added

yet another system to test against, so I now have a 4.2 system and a 5.1 system which reside on the same Class C network (Amber and Remba) while my original 4.2 system (WittsEnd) is on a total different network entirely.

	Regards,
	Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  
http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Received on Tue Aug 4 12:25:55 1998