Am Dienstag, den 20.10.2009, 09:30 +0200 schrieb Philipp Matthias Hahn: > Hello Daniel,
> Why do you think "ike" should depend on "ipsec-tools"? > "ike" doesn't call /usr/sbin/setkey and doesn't link against > /usr/lib/libipsec.so.0, since it has it's own (internal) implementation. Because I was unable to establish phase2 until I had installed ipsec-tools (again, was removed with racoon earlier). There were error messages in the log indicating problems while setting the policies, although they didn't state that setkey was missing. It was just a guess I had and after installing setkey it did work. I just tested that on another box and indeed, ike works without setkey. (surprisingly for me). I'll have to try to reproduce the problem on the other box I had the initial problems with. Is it possible that there's some fallback to setkey in ike if some kernel interface is not present (both boxes have custom kernels)? Alternatively I could imagine that the flushing of the security policies in /etc/init.d/setkey did the trick. Cheers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
