
Re: ipsec setkey and 2.4.21 kernel



Mark Devin wrote:
I have been running a custom compiled 2.4.21 kernel using the kernel source package from Adrian Bunk's site on Woody. I had an ipsec link set up and it was working well using the Kame implementation which Debian has backported into the 2.4.21 kernel sources.

I just recompiled my kernel today with the latest 2.4.21 kernel source deb (from Adrian Bunk's site). Now setkey refuses to load my policies which are unchanged from what was working before.

Does anyone have any idea how to fix this?

Here are the contents of the file I am passing to setkey:
------------------------------
#!/usr/sbin/setkey -f
flush;
spdflush;

spdadd 192.168.99.0/24[any] 192.168.99.0/24[any] any
        -P out ipsec esp/tunnel/192.168.1.1-192.168.1.74/require;

spdadd 192.168.99.0/24[any] 192.168.99.0/24[any] any
        -P in ipsec esp/tunnel/192.168.1.74-192.168.1.1/require;
------------------------------
And here are the errors setkey produces:
------------------------------
# setkey -f /etc/ipsec.conf
The result of line 6: Invalid argument.
The result of line 9: Invalid argument.
------------------------------

I have tried recompiling ipsec-tools from unstable sources. I also made sure the 2.4.21 kernel headers were being used during the compile process for the ipsec-tools package by ensuring the configure script was passed the appropriate --with-kernel-headers parameter in debian/rules.

Any other ideas?

Actually, it seems to only not work when trying to specify a policy to require tunnel mode. I can load transport policies OK with setkey. However, tunnel mode policies fail with setkey returning "Invalid argument".

Regards.
Mark.


