Re: ipsec setkey and 2.4.21 kernel

To: debian-security@lists.debian.org
Cc: Mark Devin <mdevin@ozemail.com.au>
Subject: Re: ipsec setkey and 2.4.21 kernel
From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>
Date: Wed, 15 Oct 2003 08:15:22 +0700
Message-id: <[🔎] 20031015011522.GM4705@virus.home>
In-reply-to: <[🔎] 3F8C9969.1010906@ozemail.com.au>
References: <[🔎] 3F7BD5AD.5060207@ozemail.com.au> <[🔎] 3F7BE110.8090309@ozemail.com.au> <[🔎] 3F7D7550.1050507@ozemail.com.au> <[🔎] 3F8C9969.1010906@ozemail.com.au>

	Hi Mark and others,

Mark Devin écrivait :
> Just replying to myself again for the benefit of any list readers having
> similar problems.

And I did follow it with interest... ;-)

> Also make sure that ipsec-tools package is compiled against the 2.4.22 
> kernel headers.  This can be done by editing the debian/rules script and 
> setting the --with-kernel-headers parameter correctly.

Is it necessary to rebuild the ipsec-tools package?
Or does the last one from Debian "Sid" will just do fine?


I'm new to using IPsec with the kernel patch and I have some difficulty to
make it running. Especially, I'm trying to make it running with pipsecd
(from Pierre Bessac, thanks to him) but I'm stuck before starting! :-(

Here is my problem:
  # echo "add 10.0.0.254 10.0.0.100 esp 200102 -E des-cbc 0x1111111111111111 ;" | setkey -c
  The result of line 1: No buffer space available.

Note that I get some errors int my /var/log/syslog:
  Oct 15 08:06:54 test modprobe: modprobe: Can't locate module digest_null
  Oct 15 08:06:54 test modprobe: modprobe: Can't locate module ripemd160
  Oct 15 08:06:54 test modprobe: modprobe: Can't locate module cipher_null
  Oct 15 08:06:54 test modprobe: modprobe: Can't locate module cast128
  Oct 15 08:06:54 test modprobe: modprobe: Can't locate module lzs
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module lzjh
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module digest_null
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module ripemd160
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module cipher_null
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module cast128
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module lzs
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module lzjh
  Oct 15 08:06:55 test modprobe: modprobe: Can't locate module xfrm-type-2-50

Note again that I did *not* recompile the kernel from Debian "Sid":
  # uname -a
  Linux test.home 2.4.22-1-686 #6 Sat Oct 4 14:09:08 EST 2003 i686 GNU/Linux
  # lsmod | grep key
  af_key                 22224   0  (unused)
Is it necessary? No problem to do it, I'm just missing some time...

Oh, one more thing: is it necessary to start racoon event if I won't use
IKE but only secret keys instead?

Thanks in advance, regards, J.C.
-- 
Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Coordonnateur technique régional / Associé technologie projet Reflets
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tél. : +84 4 9331108   Fax : +84 4 8247383   Mobile : +84 91 3248747
/ Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ou   \
\ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html /

Reply to:

Follow-Ups:
- Re: ipsec setkey and 2.4.21 kernel
  - From: Herbert Xu <herbert@gondor.apana.org.au>

References:
- ipsec setkey and 2.4.21 kernel
  - From: Mark Devin <mdevin@ozemail.com.au>
- Re: ipsec setkey and 2.4.21 kernel
  - From: Mark Devin <mdevin@ozemail.com.au>
- Re: ipsec setkey and 2.4.21 kernel
  - From: Mark Devin <mdevin@ozemail.com.au>
- Re: ipsec setkey and 2.4.21 kernel
  - From: Mark Devin <mdevin@ozemail.com.au>

Prev by Date: Re: ipsec setkey and 2.4.21 kernel
Next by Date: Re: Need advise aobut allowing only sftp on woody
Previous by thread: Re: ipsec setkey and 2.4.21 kernel
Next by thread: Re: ipsec setkey and 2.4.21 kernel
Index(es):
- Date
- Thread