Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Invalid agument

    IPsec
    3
    4
    3117
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jonb last edited by

      I get this in my IPsec logs and I was wondering if it is a problem.

      Nov 9 17:46:59 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: fe80::206:5bff::c%xl0[500] used as isakmp port (fd=20)
      Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff:      :      %rl0[500] used as isakmp port (fd=21)
      Nov 9 17:46:59 racoon: INFO: 10.255.0.200[500] used as isakmp port (fd=22)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: 194.106..[500] used as isakmp port (fd=15)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff::%ng0[500] used as isakmp port (fd=16)
      Nov 9 17:46:59 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=17)
      Nov 9 17:46:59 racoon: INFO: ::1[500] used as isakmp port (fd=18)
      Nov 9 17:46:59 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: fe80::206:5bff::%xl0[500] used as isakmp port (fd=20)
      Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff::%rl0[500] used as isakmp port (fd=21)
      Nov 9 17:46:59 racoon: INFO: 10.255.0.[500] used as isakmp port (fd=22)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: 194.106.      .[500] used as isakmp port (fd=15)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff:      :%ng0[500] used as isakmp port (fd=16)
      Nov 9 17:46:59 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=17)
      Nov 9 17:46:59 racoon: INFO: ::1[500] used as isakmp port (fd=18)
      Nov 9 17:46:59 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 9 17:46:59 racoon: INFO: fe80::206:5bff:      :%xl0[500] used as isakmp port (fd=20)
      Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff:      :%rl0[500] used as isakmp port (fd=21)
      Nov 9 17:46:59 racoon: INFO: 10.255.0.      [500] used as isakmp port (fd=22)
      Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 10 08:54:12 racoon: INFO: caught signal 15
      Nov 10 08:54:13 racoon: INFO: racoon shutdown
      Nov 10 08:54:14 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
      Nov 10 08:54:14 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
      Nov 10 08:54:14 racoon: INFO: 194.106..[500] used as isakmp port (fd=13)
      Nov 10 08:54:14 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 10 08:54:14 racoon: INFO: fe80::210:a7ff::%ng0[500] used as isakmp port (fd=14)
      Nov 10 08:54:14 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=15)
      Nov 10 08:54:14 racoon: INFO: ::1[500] used as isakmp port (fd=16)
      Nov 10 08:54:14 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=17)
      Nov 10 08:54:14 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 10 08:54:14 racoon: INFO: fe80::206:5bff::c%xl0[500] used as isakmp port (fd=18)
      Nov 10 08:54:14 racoon: INFO: fe80::210:a7ff:      :      %rl0[500] used as isakmp port (fd=19)
      Nov 10 08:54:14 racoon: INFO: 10.255..[500] used as isakmp port (fd=20)
      Nov 10 08:54:14 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
      Nov 10 08:55:00 racoon: INFO: IPsec-SA request for 195.92.46.30 queued due to no phase1 found.
      Nov 10 08:55:00 racoon: INFO: initiate new phase 1 negotiation: 194.106..[500]<=>195.92..[500]
      Nov 10 08:55:00 racoon: INFO: begin Identity Protection mode.
      Nov 10 08:55:00 racoon: INFO: ISAKMP-SA established 194.106..[500]-195.92..[500] spi:d552305673dcc01e:698fe871d3817e9d
      Nov 10 08:55:01 racoon: INFO: initiate new phase 2 negotiation: 194.106..[500]<=>195.92..[500]
      Nov 10 08:55:01 racoon: INFO: IPsec-SA established: ESP/Tunnel 195.92..[0]->194.106..[0] spi=178045249(0xa9cc141)
      Nov 10 08:55:01 racoon: INFO: IPsec-SA established: ESP/Tunnel 194.106..[0]->195.92..[0] spi=3655367396(0xd9e07ae4)

      1 Reply Last reply Reply Quote 0
      • H
        hoba last edited by

        As long as it is working you can consider it being just a debug output. Racoon is logging quite a lot of info usually.

        1 Reply Last reply Reply Quote 0
        • J
          Jonb last edited by

          It is working.  Somtimes it takes awail or I have to resave the ipsec stuff then it works.  I was just wondering over the invalid agument bit.

          1 Reply Last reply Reply Quote 0
          • D
            Delex last edited by

            What happens if you increase the PFS key group setting to 2 on the second layer.
            I had this problem also, renewed the setup several times and now its gone (now using ESP-3DES-SHA1-PFS Key 2).

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy