Mailing List Archive: vpnc: devel

Help: "PF_KEY socket: Invalid argument"

 

 



freek at macfreek

Nov 19, 2009, 12:14 PM


I'm one of those victims who must use Nortel's Contivity client for
work. So far, it has brought me mostly frustration and very little help.

So I'm thrilled with vpnc-nortel as an alternative.
So far, I have been able to compile it (see my previous emails).

However, I have not been able to create a working configuration, despite
some help from colleagues.

I'm using the following configuration (IP, username and password are
obviously fake, since I don't want to post them in public):



Vendor nortel
kernel ipsec
IPSec gateway 192.168.0.2
Local Port 501
IKE Authmode gpassword
IKE DH group dh1
Enable Single DES
IPSec ID mygroupid
IPSec secret mygrouppwd
Xauth username myusername


My first attempt was the above without the "IKE DH group dh1" and
"Enable Single DES". If I did that, I got the error:

> response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)

This apparently means something like "Bad parameters. I'm not going to
help you. bye bye".

I understood that this is due to the fact that the Nortel Contivity does
not do triple-DES but is using the (rather insecure) single DES. Adding
the parameters does help.

What's more, if I now type a wrong password, I get the message
"authentication failed". So I presume that with the right password, I'm
past the authentication stage. Way to go.

Unfortunately, I still get the following error:

> error writing PF_KEY socket: Invalid argument

To be honest, I'm stuck now. I tried to look at the raw IPsec packets
with tcpdump and Wireshark, but there's too much information in the
packets for me to decipher.

What's a good step to get this to work? Is there still something wrong
with the code, or is it with my configuration? What is the best way to
debug? Is there some documentation in the first place?

Any help is *greatly* appreciated!

Regards,
Freek Dijkstra
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
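
An added example, not part of the original post or of vpnc: a small Python audit that reads a vpnc-style configuration such as the one quoted above and reports the settings that weaken the tunnel (single DES, DH group 1) or keep secrets in the file. The line matching (case-insensitive keyword prefix, `#` comments) and the rule table are assumptions of this example; the sample input is the post's placeholder configuration.

```python
import re

# Constructed sample: the configuration from the post, with its placeholder values.
SAMPLE_CONFIG = """\
Vendor nortel
kernel ipsec
IPSec gateway 192.168.0.2
Local Port 501
IKE Authmode gpassword
IKE DH group dh1
Enable Single DES
IPSec ID mygroupid
IPSec secret mygrouppwd
Xauth username myusername
"""

# (keyword, regex the value must match to be reported, finding). Assumed rule table.
RULES = [
    ("Enable Single DES", r".*", "permits 56-bit single DES for the tunnel"),
    ("Enable no encryption", r".*", "permits an unencrypted tunnel"),
    ("IKE DH group", r"dh1", "768-bit MODP group 1 used for the IKE key exchange"),
    ("Perfect Forward Secrecy", r"dh1|nopfs", "weak or absent PFS group"),
    ("IPSec secret", r".+", "group secret stored in clear text in the file"),
    ("Xauth password", r".+", "user password stored in clear text in the file"),
]

def audit(config_text):
    """Return (line number, keyword, finding) for each weakening setting."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        for keyword, value_re, finding in RULES:
            # Assumption: a keyword is matched as a case-insensitive line prefix.
            if line.lower().startswith(keyword.lower()):
                value = line[len(keyword):].strip()
                if re.fullmatch(value_re, value, re.IGNORECASE):
                    # The value itself is never returned, so secrets stay out of reports.
                    findings.append((lineno, keyword, finding))
                break
    return findings

if __name__ == "__main__":
    for lineno, keyword, finding in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {keyword}: {finding}")
```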
