On Mon, Mar 12 2007 at 44:12, Sebastian Reitenbach wrote: > Hi list, Hi,
> I try to setup ipsec with isakmpd -K and ipsecctl on a OpenBSD 4.0 host. I had > it running on > friday, using the following configuration: > > ike active esp from 192.168.100.0/24 to 192.168.101.0/24 \ > local 24.24.24.24 peer 42.173.16.1 \ > main auth hmac-md5 enc aes group grp2 \ > quick auth hmac-md5 enc aes group grp2 \ > psk MySekret I opened a bug when the symetric encryptin is set to AES. I found the same behavior as yours. I didn't took the time to investigate but changing the encryption to 3des resolved the issue. There is certainly an error in the ipsecctl generated output for isakmpd. regards, Claer > > I started isakmpd -K and then did an ipsecctl -vv -c /etc/ipsec.conf, and > then I > immediately > get a Bad file descriptor, see below: > > 122049.815507 UI 30 ui_config: "C set [Phase 1]:42.173.16.1=peer-42.173.16.1 > force" > 122049.815901 UI 30 ui_config: "C set [peer-42.173.16.1]:Phase=1 force" > 122049.815971 UI 30 ui_config: "C set [peer-42.173.16.1]:Address=42.173.16.1 > force" > 122049.816031 UI 30 ui_config: "C set > [peer-42.173.16.1]:Local-address=212.204.56.174 > force" > 122049.816141 UI 30 ui_config: "C set > [peer-42.173.16.1]:Authentication=MySekret force" > 122049.816202 UI 30 ui_config: "C set > [peer-42.173.16.1]:Configuration=mm-42.173.16.1 > force" > 122049.816297 UI 30 ui_config: "C set [mm-42.173.16.1]:EXCHANGE_TYPE=ID_PROT > force" > 122049.816366 UI 30 ui_config: "C add > [mm-42.173.16.1]:Transforms=3DES-MD5-GRP2 force" > 122049.816467 Default main: select: Bad file descriptor > 122050.817017 Default main: select: Bad file descriptor > 122051.827071 Default main: select: Bad file descriptor > 122052.837085 Default main: select: Bad file descriptor > 122053.847123 Default main: select: Bad file descriptor > > I have seen this "Bad file descriptor" on friday too, after a reboot of the > machine, > it "dissapeared". Unfortunately I do not know, what the problem was and how it > got fixed by > the reboot. What could cause the "Bad file descriptor" error message? Do I can > fix it, with > raising some sysctl values or raising values in /etc/login.conf? A pointer in > the right > direction would be great. Just rebooting does not work > > > kind regards > Sebastian