Ah =) Thanks! // rancor
2011/7/4 Stuart Henderson <[email protected]>: > On 2011-07-02, rancor <[email protected]> wrote: >> Hi. >> >> I have two separate ipsec tunnels from 4.9 boxes and both are >> generating this message i /var/log/messages once every hour or two >> Jul 2 08:14:54 <hostname> isakmpd[28247]: message_recv: invalid >> cookie(s) 576<scrambled>03c2 >> Jul 2 08:14:54 <hostname> isakmpd[28247]: dropped message from >> x.x.x.x port 500 due to notification type INVALID_COOKIE >> >> The tunnels works perfect but I still wounder why I got this message. >> >> This is my ipsec.conf on host x >> ike esp transport from x.x.x.x to y.y.y.y psk <scrambled> >> >> and on host y >> ike esp transport from y.y.y.y to x.x.x.x psk <scrambled> >> >> Any idea? >> >> Best regards rancor >> >> > > If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull > up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly > see problems from time to time.
