Hi , all : Linux kernel 2.6.19 , klips nat-t patched
Openswan 2.4.9 pluto not work after message 2008/12/14 16:36:10 INTERNET pluto[1415]: ERROR: "PROFILE_1"[676] 60.166.215.36 #21071: pfkey write() of SADB_ADD message 63711 for Add SA tun.4...@60.166.215.36 failed. Errno 28: No space left on device I defined only on roadwarrior connection , It worked well for quit a long time under 500 peers (Linksys box). Now clients increased to 700 and Pluto refused to work with lots of ERROR messages below . I “GREPED” only the first error connection for short . It happens at rekeying period . SADB buffer overflow ? … memory leak ?? Any suggestions , Thx /etc/ipsec.conf version 2 config setup interfaces=”ipsec0=eth0” pluto=yes plutowait=no plutodebug=none klipsdebug=none uniqueids=yes nat_traversal=no nhelpers=0 conn %default type=tunnel keyingtries=0 keyexchange=ike auto=start authby=secret auth=esp ikelifetime=1h rekeymargin=10m rekeyfuzz=20% keylife=8h compress=no conn PROFILE_1 pfs=yes keylife=3600s ikelifetime=86400s ike=des-md5-modp768,des-sha1-modp768,3des-md5,3des-sha1,3des-md5 esp=3des-md5 compress=no left=218.xx.xx.xx leftnexthop=218.xx.xx.xx leftsubnet=129.100.248.0/21 leftsourceip=129.100.253.50 auto=add right=%any rightsubnetwithin=0.0.0.0/0 #Disable Opportunistic Encryption conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore Log : 2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: initiating Main Mode to replace #15846 2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! 2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: STATE_MAIN_I2: sent MI2, expecting MR2 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: I did not send a certificate because I do not have one. 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: STATE_MAIN_I3: sent MI3, expecting MR3 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36' 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18338: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768} 2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18340: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #15848 {using isakmp#18338} 2008/12/14 15:45:28 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18340: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 2008/12/14 15:45:28 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #18340: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xbbe29168 <0x9c158064 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none} 2008/12/14 15:50:18 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #15846: received Delete SA(0xf432d9a4) payload: deleting IPSEC State #15848 2008/12/14 15:50:18 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #15846: received and ignored informational message 2008/12/14 16:33:43 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: initiating Main Mode to replace #18338 2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! 2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: STATE_MAIN_I2: sent MI2, expecting MR2 2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: I did not send a certificate because I do not have one. 2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: STATE_MAIN_I3: sent MI3, expecting MR3 2008/12/14 16:33:45 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36' 2008/12/14 16:33:45 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 2008/12/14 16:33:45 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20930: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768} 2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: responding to Main Mode from unknown peer 60.166.215.36 2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! 2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: STATE_MAIN_R1: sent MR1, expecting MI2 2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: STATE_MAIN_R2: sent MR2, expecting MI3 2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36' 2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: I did not send a certificate because I do not have one. 2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20946: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_sha group=modp768} 2008/12/14 16:34:11 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20947: responding to Quick Mode {msgid:fcd27e1e} 2008/12/14 16:34:11 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20947: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 2008/12/14 16:34:11 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #20947: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 2008/12/14 16:34:11 INTERNET pluto[1415]: ERROR: "PROFILE_1"[676] 60.166.215.36 #20947: pfkey write() of SADB_ADD message 63627 for Add SA esp.d3719...@60.166.215.36 failed. Errno 28: No space left on device 2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: responding to Main Mode from unknown peer 60.166.215.36 2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! 2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: STATE_MAIN_R1: sent MR1, expecting MI2 2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: STATE_MAIN_R2: sent MR2, expecting MI3 2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36' 2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: I did not send a certificate because I do not have one. 2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21069: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_sha group=modp768} 2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21071: responding to Quick Mode {msgid:fdc82638} 2008/12/14 16:36:10 INTERNET pluto[1415]: ERROR: "PROFILE_1"[676] 60.166.215.36 #21071: pfkey write() of SADB_ADD message 63711 for Add SA tun.4...@60.166.215.36 failed. Errno 28: No space left on device 2008/12/14 16:36:38 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: responding to Main Mode from unknown peer 60.166.215.36 2008/12/14 16:36:38 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! 2008/12/14 16:36:38 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 2008/12/14 16:36:39 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: STATE_MAIN_R1: sent MR1, expecting MI2 2008/12/14 16:36:39 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 2008/12/14 16:36:39 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: STATE_MAIN_R2: sent MR2, expecting MI3 2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36' 2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: I did not send a certificate because I do not have one. 2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21113: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_sha group=modp768} 2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36 #21118: responding to Quick Mode {msgid:04712648}
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot