SKIP fails in S2S after applying NW65SP6

  • 3458280
  • 07-Feb-2007
  • 27-Apr-2012

Environment


Novell BorderManager 3.8 Support Pack 5
Novell NetWare 6.5 Support Pack 6

Situation

S2S environment with a mix of IKE and SKIP VPN servers. After some of the SKIP (NBM 3.8) servers are upgraded to NW65SP6, they no longer accept SKIP configuration from the master. One example is introducing a new BM3.8 slave into the VPN with both IKE and SKIP configuration, so that it can communicate with old 3.7 slaves. This works fine for slaves on NW65SP5, but new slaves on NW65SP6 stay in "Being Configured" indefinitely for the SKIP configuration only and never activate any SKIP configuration. The remaining 3.7 servers still work fine, and IKE communication between 3.8 servers is not affected.

Resolution

There is a problem with the new NICI modules shipped with NW65SP6. It has been reported to engineering.
This issue prevents new configuration changes from being accepted by the slave, but the tunnel will remain up and running.

Update on 07-Feb-2007

There is an internal vpslave.nlm that fixes this issue. Please contact Novell support to get it.

Additional Information

The log file on the master will show:

Control     Client xxx.VPN‑User.xxx added to IPSEC.
01/18/2007 03:52:18 PM  VPN Control  Failed VPN member notifications. Will retry in 15 minutes.
01/18/2007 03:52:18 PM  VPN Control  Failed configuring VPN member xxx. Failed sending configuration information from master to member
01/18/2007 03:52:18 PM  VPN Control  Invalid length on response packet from slave

And the slave will show:

01/18/2007 04:08:30 PM  VPN Control  Closed connection from master.
01/18/2007 04:08:30 PM  VPN Control  Possible intruder ‑ received packet has an invalid signature.
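
When triaging the slave's "Possible intruder" alert, the master and slave messages above can be correlated. The following is an added example, not Novell code: it assumes each log entry has been exported as one line (date, time, `VPN Control`, message), and the function names and the one-hour correlation window are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Message fragments quoted from the article's master and slave logs.
MASTER_SIGNS = ("Failed sending configuration information from master to member",
                "Invalid length on response packet from slave")
SLAVE_ALERT = "received packet has an invalid signature"

# Assumed export layout, one entry per line:
#   MM/DD/YYYY HH:MM:SS AM|PM VPN Control <message>
ENTRY = re.compile(r"(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2} [AP]M)\s+VPN\s+Control\s+(.+)")

def parse(lines):
    """Return [(timestamp, message)] for lines matching the assumed layout."""
    out = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1) + " " + m.group(2), "%m/%d/%Y %I:%M:%S %p")
            out.append((ts, m.group(3).replace("\u2011", "-")))  # normalise U+2011 hyphens
    return out

def triage(master_lines, slave_lines, window=timedelta(hours=1)):
    """Classify slave-side signature alerts against the master-side pattern.

    window is an assumed correlation interval, not a value from the article.
    """
    master = parse(master_lines)
    alerts = [ts for ts, msg in parse(slave_lines) if SLAVE_ALERT in msg]
    if not alerts:
        return "no-alert"
    # Times at which the master logged each of the failure messages.
    hits = {s: [ts for ts, msg in master if s in msg] for s in MASTER_SIGNS}
    if all(hits.values()):
        failures = [ts for times in hits.values() for ts in times]
        if all(any(abs(a - f) <= window for f in failures) for a in alerts):
            return "consistent-with-known-issue"
    return "investigate"  # signature alert without the matching master-side failures

# Constructed sample lines using the message texts shown in the article.
MASTER_LOG = [
    "01/18/2007 03:52:18 PM VPN Control Failed VPN member notifications. Will retry in 15 minutes.",
    "01/18/2007 03:52:18 PM VPN Control Failed configuring VPN member xxx. Failed sending configuration information from master to member",
    "01/18/2007 03:52:18 PM VPN Control Invalid length on response packet from slave",
]
SLAVE_LOG = [
    "01/18/2007 04:08:30 PM VPN Control Closed connection from master.",
    "01/18/2007 04:08:30 PM VPN Control Possible intruder - received packet has an invalid signature.",
]

if __name__ == "__main__":
    print(triage(MASTER_LOG, SLAVE_LOG))
```

A signature alert on the slave that has no matching configuration-push failure on the master in the window is returned as `investigate` rather than attributed to this issue.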