Re: isakmpd Default main: select: Bad file descriptor

Mon, 12 Mar 2007 12:44:11 -0800 

On Mon, Mar 12 2007 at 44:12, Sebastian Reitenbach wrote:
> Hi list,
Hi,

> I try to setup ipsec with isakmpd -K and ipsecctl on a OpenBSD 4.0 host. I had
> it running on 
> friday, using the following configuration:
> 
> ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \
>         local 24.24.24.24 peer 42.173.16.1 \
>         main auth hmac-md5 enc aes group grp2 \
>         quick auth hmac-md5 enc aes group grp2 \
>         psk MySekret
I opened a bug when the symetric encryptin is set to AES. I found the
same behavior as yours. I didn't took the time to investigate but
changing the encryption to 3des resolved the issue.

There is certainly an error in the ipsecctl generated output for
isakmpd. 

regards,

Claer


> 
> I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and 
> then I
> immediately 
> get a Bad file descriptor, see below:
> 
> 122049.815507 UI   30 ui_config: "C set [Phase 1]:42.173.16.1=peer-42.173.16.1
> force"
> 122049.815901 UI   30 ui_config: "C set [peer-42.173.16.1]:Phase=1 force"
> 122049.815971 UI   30 ui_config: "C set [peer-42.173.16.1]:Address=42.173.16.1
> force"
> 122049.816031 UI   30 ui_config: "C set
> [peer-42.173.16.1]:Local-address=212.204.56.174 
> force"
> 122049.816141 UI   30 ui_config: "C set
> [peer-42.173.16.1]:Authentication=MySekret force"
> 122049.816202 UI   30 ui_config: "C set
> [peer-42.173.16.1]:Configuration=mm-42.173.16.1 
> force"
> 122049.816297 UI   30 ui_config: "C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT
> force"
> 122049.816366 UI   30 ui_config: "C add
> [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force"
> 122049.816467 Default main: select: Bad file descriptor
> 122050.817017 Default main: select: Bad file descriptor
> 122051.827071 Default main: select: Bad file descriptor
> 122052.837085 Default main: select: Bad file descriptor
> 122053.847123 Default main: select: Bad file descriptor
> 
> I have seen this "Bad file descriptor" on friday too, after a reboot of the
> machine, 
> it "dissapeared". Unfortunately I do not know, what the problem was and how it
> got fixed by 
> the reboot. What could cause the "Bad file descriptor" error message? Do I can
> fix it, with 
> raising some sysctl values or raising values in /etc/login.conf? A pointer in
> the right 
> direction would be great. Just rebooting does not work 
> 
> 
> kind regards
> Sebastian

Reply via email to