Source: http://superuser.com/questions/194961/os-x-10-6-4-system-vpn-failing-to-connect-ike-packet-transmit-failed
"This occasionally occurs for me as well, e.g. when I switch between two different Cisco VPNs. It seems to be a minor crash in racoon somewhere*. Manually restarting the process seems to do the trick for me:$ ps -ef | grep racoon0 5861 1 0 0:00.09 ?? 0:00.15 /usr/sbin/racoon$ sudo kill 5861$ ps ax | grep racoon)> $ sudo /usr/sbin/racoon$ ps -ef | grep racoon0 6786 1 0 0:00.08 ?? 0:00.15 /usr/sbin/racoon -x(Don't know what the '-x' param does, it's not mentioned in the man page)(*) Haven't investigated"
Now its working! Real easy fix.
1 comment:
I had occasion to look up what the '-x' is for. Turns out it's for nothing; a workaround for some mysterious issue in CoreFoundation. In my case, on 10.6.7 Server, the -x only shows up when I run racoon from the command line. When launchd starts racoon, the -x isn't there (and then the L2TP extension kills the racoon process for no apparent reason but that's another matter).
Source code is here:
http://opensource.apple.com/source/ipsec/ipsec-93.13/ipsec-tools/racoon/main.c
Relevant snippets are (formatting hosed):
96: static int exec_done = 0; /* we've already been exec'd */
326:if ( !exec_done && launchedbylaunchd() ){
327:plog(LLV_INFO, LOCATION, NULL,
328:"racoon launched by launchd.\n");
329:exec_done = 1;
336:if (exec_done) {
337: if (atexit(cleanup_pidfile) < 0) {
338: plog(LLV_ERROR, LOCATION, NULL,
339: "cannot register pidfile cleanup");
340: }
373:/* setup args to re-exec - for CoreFoundation issues */
374:args[0] = PATHRACOON;
375:for (i = 1; i < ac; i++)
376: args[i] = *(av + i);
377:args[ac] = "-x"; /* tells racoon its been exec'd */
378:args[ac+1] = 0;
379:
380:execve(PATHRACOON, args, env);
381:plog(LLV_ERROR, LOCATION, NULL,
382: "failed to exec racoon. (%s)", strerror(errno));
383:exit(1);
519:case 'x':
520: exec_done = 1;
521: break;
Post a Comment