Hosting Provided By

RE: linux-ipsec: Latest IPsec and connecting two IP networks.... :-(

From: David Sainty <DavidSainty(at)cit.com.au>
Date: Tue Sep 01 1998 - 20:13:27 EDT

Makes sense.....

Is there any reason why the Aug30 IPsec would be "crashing" the networking on a machine given these problems, and with all AH references now obliterated? I found the bug mentioned below BTW. :-)

The symptom is:

You can ping 192.168.2.2.
You can ping the outside world via standard eth0.
You wait for a few minutes with varied network / Internet activity.
You can't ping the outside world (in this case the ISDN router even) or any IPsec stuff.

This is using the commands as previously posted, minus the AH line, on a clean boot with Linux 2.0.35.

David S..

___ <=> ______________________________________________________
//   _     David                     Network Administrator, //
//  / \     William                 Ci Technologies Pty Ltd //
//  \_/      Sainty..                Phone: +61-2-9855-1017 //
//   |                        mailto:DavidSainty@cit.com.au //
//  /|\                         WWW: 
http://www.cit.com.au/ //
//  / \                   Proverbs 3:6 / Linux Rocks!!!!!!! //


> -----Original Message-----


> From:	Henry Spencer [SMTP:henry@spsystems.net]
> Sent:	Wednesday, 2 September 1998 5:59
> To:	David Sainty
> Cc:	linux-ipsec@clinet.fi; Hugh Daniel; Richard Guy Briggs
> Subject:	Re: linux-ipsec: Latest IPsec and connecting two IP
> networks.... :-(
> 
> > Sep  1 21:27:40 sydney kernel: ahhmacmd5_init: incorrect key size:
> 56 --
> > must be 16 octets (bytes)
> 
> Okay, we found what's going on here.  There was a bug in the spi
> command
> (a complicated expression that got bitten by C's precedence rules),
> which
> fouled up memory allocation and generally made a mess of things in
> --ah.
> Fixed; updated snapshot is on its way to xs4all as I write this.
> 
> As mentioned earlier, you probably just want to use ESP's
> authentication
> and forget AH... but we're glad you didn't, since it led us to find
> this!
> 
> There is at least one more bug in using AH and ESP together, but we're
> not
> sure yet where it is -- it may be a Pluto problem and not something
> you'd
> run into with hand-keying. 
> 
>                                                           Henry
> Spencer
>  
> henry@spsystems.net

>
> (henry@zoo.toronto.edu) Received on Tue Sep 1 20:55:37 1998

This message: [ Message body ]
Next message: Henry Spencer: "RE: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("
Previous message: Henry Spencer: "Re: linux-ipsec: Phase II PFS"
Next in thread: Henry Spencer: "RE: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("
Reply: Henry Spencer: "RE: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT