Problems with k_deflt-2.4.19-329 and IPSEC
All,

I upgraded two firewalls to use the new kernel package k_deflt-2.4.19-329 this morning. The upgrade worked fine and the IPSEC tunnel through these firewalls worked fine for a while (about 6 hours). Now the tunnels are down and won't come up again, the kernel is complaining in /var/log/messages:

    Jul 22 10:55:12 <hostname> pluto[1273]: "maynard-walter" #8: initiating Main Mode to replace #7
    Jul 22 10:55:45 <hostname> pluto[1273]: "maynard-walter" #8: ERROR: asynchronous network error report on eth0 for message to <remote ipsec gateway address> port 500, complainant <local firewall ip address>: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

and then later on:

    Jul 22 14:02:30 <hostname> kernel: ; found spi=0x983262c7, dst=XXX.XXX.XXX.XXX, proto=3/ESP
    Jul 22 14:02:30 <hostname> kernel: ipsec4_rcv: incoming packet failed policy check; dropped

When I try to restart ipsec, I see the following messages:

    /root# /etc/init.d/ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 1.98b...
    ipsec_setup: Using /lib/modules/2.4.19-4GB/kernel/net/ipv4/ipsec/ipsec.o
    ipsec_setup: /usr/lib/ipsec/_startklips: line 269: /proc/sys/net/ipsec/inbound_policy_check: No such file or directory

I have reverted back to the old kernel, hopefully that will be stable again. Since both machines I upgraded showed that same fault at about the same time, I blame the new kernel...

Any thoughts?

Thanks

--
Daniel Nilsson
Signal Integrity Software Inc.
participants (4)
- Daniel Nilsson
- Markus Gaugusch
- Radu Voicu
- Roman Drahtmueller