Invalid agument



  • I get this in my IPsec logs and I was wondering if it is a problem.

    Nov 9 17:46:59 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: fe80::206:5bff::c%xl0[500] used as isakmp port (fd=20)
    Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff:
    :
    %rl0[500] used as isakmp port (fd=21)
    Nov 9 17:46:59 racoon: INFO: 10.255.0.200[500] used as isakmp port (fd=22)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: 194.106..[500] used as isakmp port (fd=15)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff::%ng0[500] used as isakmp port (fd=16)
    Nov 9 17:46:59 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=17)
    Nov 9 17:46:59 racoon: INFO: ::1[500] used as isakmp port (fd=18)
    Nov 9 17:46:59 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: fe80::206:5bff::%xl0[500] used as isakmp port (fd=20)
    Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff::%rl0[500] used as isakmp port (fd=21)
    Nov 9 17:46:59 racoon: INFO: 10.255.0.[500] used as isakmp port (fd=22)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: 194.106.
    .[500] used as isakmp port (fd=15)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff:
    :%ng0[500] used as isakmp port (fd=16)
    Nov 9 17:46:59 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=17)
    Nov 9 17:46:59 racoon: INFO: ::1[500] used as isakmp port (fd=18)
    Nov 9 17:46:59 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 9 17:46:59 racoon: INFO: fe80::206:5bff:
    :%xl0[500] used as isakmp port (fd=20)
    Nov 9 17:46:59 racoon: INFO: fe80::210:a7ff:
    :%rl0[500] used as isakmp port (fd=21)
    Nov 9 17:46:59 racoon: INFO: 10.255.0.
    [500] used as isakmp port (fd=22)
    Nov 9 17:46:59 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 10 08:54:12 racoon: INFO: caught signal 15
    Nov 10 08:54:13 racoon: INFO: racoon shutdown
    Nov 10 08:54:14 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
    Nov 10 08:54:14 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
    Nov 10 08:54:14 racoon: INFO: 194.106..[500] used as isakmp port (fd=13)
    Nov 10 08:54:14 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 10 08:54:14 racoon: INFO: fe80::210:a7ff::%ng0[500] used as isakmp port (fd=14)
    Nov 10 08:54:14 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=15)
    Nov 10 08:54:14 racoon: INFO: ::1[500] used as isakmp port (fd=16)
    Nov 10 08:54:14 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=17)
    Nov 10 08:54:14 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 10 08:54:14 racoon: INFO: fe80::206:5bff::c%xl0[500] used as isakmp port (fd=18)
    Nov 10 08:54:14 racoon: INFO: fe80::210:a7ff:
    :
    %rl0[500] used as isakmp port (fd=19)
    Nov 10 08:54:14 racoon: INFO: 10.255..[500] used as isakmp port (fd=20)
    Nov 10 08:54:14 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
    Nov 10 08:55:00 racoon: INFO: IPsec-SA request for 195.92.46.30 queued due to no phase1 found.
    Nov 10 08:55:00 racoon: INFO: initiate new phase 1 negotiation: 194.106..[500]<=>195.92..[500]
    Nov 10 08:55:00 racoon: INFO: begin Identity Protection mode.
    Nov 10 08:55:00 racoon: INFO: ISAKMP-SA established 194.106..[500]-195.92..[500] spi:d552305673dcc01e:698fe871d3817e9d
    Nov 10 08:55:01 racoon: INFO: initiate new phase 2 negotiation: 194.106..[500]<=>195.92..[500]
    Nov 10 08:55:01 racoon: INFO: IPsec-SA established: ESP/Tunnel 195.92..[0]->194.106..[0] spi=178045249(0xa9cc141)
    Nov 10 08:55:01 racoon: INFO: IPsec-SA established: ESP/Tunnel 194.106..[0]->195.92..[0] spi=3655367396(0xd9e07ae4)



  • As long as it is working you can consider it being just a debug output. Racoon is logging quite a lot of info usually.



  • It is working.  Somtimes it takes awail or I have to resave the ipsec stuff then it works.  I was just wondering over the invalid agument bit.



  • What happens if you increase the PFS key group setting to 2 on the second layer.
    I had this problem also, renewed the setup several times and now its gone (now using ESP-3DES-SHA1-PFS Key 2).


Locked