[vpnc-devel] vpnc-nortel for MAC OS (almost!)

Nat Budin natbudin at gmail.com
Mon Sep 21 20:07:04 CEST 2009


OK, I tried that; however, setkey seems to return two messages as soon
as it's started, and then nothing while vpnc runs.  For reference,
here is the output:

nbudin at kenichi-2:[~/vpnc-nortel-414]: sudo setkey -xH
14:03:58.906489
00000000: 02 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00
00000010: 02 0b 00 01 02 00 00 00 00 00 00 00 42 30 00 00
sadb_msg{ version=2 type=11 errno=0 satype=1
  len=2 reserved=0 seq=0 pid=12354

14:03:58.906576
00000000: 02 0b 00 01 02 00 00 00 00 00 00 00 42 30 00 00

(These two messages came immediately when I ran the command.  I then
repeatedly attempted to log into the VPN in a different terminal, but
nothing ever appeared in the setkey output.)

Nat

On Mon, Sep 21, 2009 at 1:19 PM, Antonio Borneo
<borneo.antonio at gmail.com> wrote:
> Hi Nat,
>
> the 2 warnings are from some printf(), we could skip them for the moment.
>
> Please run in another shell the command
> # setkey -x
> or
> # setkey -x -H
> that will dump the whole PF_KEY communication with kernel, and run vpnc again.
> Please send me the result of setkey. Since the communication stops
> quite early, I do not expect any secret info could be in the dump.
>
> Best Regards
> Antonio Borneo
>
> On Mon, Sep 21, 2009 at 11:04 PM, Nat Budin <natbudin at gmail.com> wrote:
>> Hi Antonio!
>>
>> I'm not sure it is true that my kernel doesn't support PF_KEY.  From
>> Apple's developer site, specifically:
>> http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man4/ipsec.4.html,
>> it appears it should be supported.  I checked on my system and the
>> same manpage is present there.  I've been playing around with gdb to
>> find out which packet is causing the error, and it appears that the
>> request is originating from kernel_ipsec_get_spi.
>>
>> I just tried it using revision 414, and the patch does apply cleanly
>> there.  The only compile-time warnings I receive are:
>>
>> config.c: In function ‘do_config’:
>> config.c:840: warning: field precision should have type ‘int’, but
>> argument 2 has type ‘long unsigned int’
>>
>> isakmp-pkt.c: In function ‘parse_isakmp_packet’:
>> isakmp-pkt.c:931: warning: format ‘%d’ expects type ‘int’, but
>> argument 2 has type ‘size_t’
>>
>> which I believe are also present in the latest version from trunk.
>> However, I still get the same illegal argument error when I try to
>> connect using it.
>>
>> Cheers,
>> Nat
>>
>> On Mon, Sep 21, 2009 at 10:55 AM, Antonio Borneo
>> <borneo.antonio at gmail.com> wrote:
>>> Ciao Nat,
>>> surprised you get that error. Looks like your kernel does not support PF_KEY ...
>>> But I never tried on Mac; don't have it... maybe some silly mistake on my side.
>>>
>>> Please try to use the same version on which I developed the patch.
>>> Download it with
>>> # svn co -r 414 http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
>>> then apply patch and compile.
>>> Do you get any error or warning at compile time?
>>>
>>> Best Regards,
>>> Antonio Borneo
>>>
>>> On Mon, Sep 21, 2009 at 8:45 PM, Nat Budin <natbudin at gmail.com> wrote:
>>>> Hi,
>>>>
>>>> I downloaded and tested Antonio Borneo's patch from August 22, 2009
>>>> under Mac OS X 10.6.  The patch didn't quite apply cleanly against the
>>>> latest SVN sources of vpnc-nortel, but it was not very hard to make
>>>> the appropriate changes.
>>>>
>>>> It seems there must be some small incompatibility, though, because
>>>> right after I type my password, I get the following message:
>>>>
>>>> error writing PF_KEY socket: Invalid argument
>>>>
>>>> Here is my debug output using --debug 2:
>>>> ...
>>>
>>
>
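
The 16-byte hex lines in the setkey dump at the top of this message are base PF_KEY v2 message headers (struct sadb_msg, RFC 2367). As an added example, not part of the original thread or of vpnc, the following C program decodes one such line into its fields; the function and struct names are hypothetical, and little-endian host byte order is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Base PF_KEY v2 header (RFC 2367 struct sadb_msg), 16 bytes on the wire. */
struct pfkey_hdr {
    uint8_t version, type, err, satype;
    uint16_t len, reserved;          /* len counts 8-byte units */
    uint32_t seq, pid;
};

/* RFC 2367 sadb_msg_type values 0..11. */
static const char *const type_names[] = {
    "RESERVED", "GETSPI", "UPDATE", "ADD", "DELETE", "GET",
    "ACQUIRE", "REGISTER", "EXPIRE", "FLUSH", "DUMP", "X_PROMISC" };

const char *pfkey_type_name(uint8_t t) {
    return t < sizeof type_names / sizeof *type_names ? type_names[t] : "UNKNOWN";
}

/* Parse one "OFFSET: xx xx ..." line of setkey -x output into buf.
 * Returns the number of bytes read, or -1 if there is no offset prefix. */
int parse_hex_line(const char *line, uint8_t *buf, size_t cap) {
    size_t n = 0;
    const char *p = strchr(line, ':');
    if (!p) return -1;
    for (p++; n < cap; n++) {
        char *end;
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xff) break;   /* no more hex bytes on the line */
        buf[n] = (uint8_t)v;
        p = end;
    }
    return (int)n;
}

/* Decode the header. PF_KEY fields are in host byte order; assumption:
 * the dumping host is little-endian. Returns -1 on a short buffer. */
int decode_pfkey_hdr(const uint8_t *b, size_t n, struct pfkey_hdr *h) {
    if (n < 16) return -1;
    h->version = b[0]; h->type = b[1]; h->err = b[2]; h->satype = b[3];
    h->len = (uint16_t)(b[4] | b[5] << 8); h->reserved = (uint16_t)(b[6] | b[7] << 8);
    h->seq = b[8] | b[9] << 8 | b[10] << 16 | (uint32_t)b[11] << 24;
    h->pid = b[12] | b[13] << 8 | b[14] << 16 | (uint32_t)b[15] << 24;
    return 0;
}

int main(void) {   /* input: the second dump line quoted in the message above */
    uint8_t b[16]; struct pfkey_hdr h;
    if (parse_hex_line("00000010: 02 0b 00 01 02 00 00 00 00 00 00 00 42 30 00 00", b, 16) == 16 && !decode_pfkey_hdr(b, 16, &h))
        printf("type=%s satype=%u len=%u pid=%u\n", pfkey_type_name(h.type), h.satype, h.len, h.pid);
    return 0;
}
```

The decoded fields agree with the sadb_msg{ ... } line that setkey itself printed (version=2 type=11 satype=1 len=2 pid=12354).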


