IPSEC Phase 2 trouble with Racoon (Protocol Not Supported)

Thu, 24 Sep 2009 12:13:43 -0700 

Hi,

Apologies in advance if this is the wrong place to post.  I'm no
developer, I'm a sysadmin looking for a pointer in the right direction.

This is not so much "there's a problem that needs fixing" as "how did
you fix it?".

I'm trying to set up an IPSEC tunnel from an OpenWRT box (2.6.28.10) to a
cisco router.  Phase 1 goes fine, Phase 2 dies with:

  ...
  2009-09-24 18:54:02: DEBUG: KEYMAT computed.
  2009-09-24 18:54:02: DEBUG: call pk_sendupdate
  2009-09-24 18:54:02: DEBUG: encryption(des)
  2009-09-24 18:54:02: DEBUG: hmac(md5)
  2009-09-24 18:54:02: DEBUG: call pfkey_send_update2
  2009-09-24 18:54:02: DEBUG: pfkey update sent.
  2009-09-24 18:54:02: DEBUG: encryption(des)
  2009-09-24 18:54:02: DEBUG: hmac(md5)
  2009-09-24 18:54:02: DEBUG: call pfkey_send_add2 (NAT flavor)
  2009-09-24 18:54:02: DEBUG: call pfkey_send_add2
  2009-09-24 18:54:02: DEBUG: pfkey add sent.
  2009-09-24 18:54:02: DEBUG: pk_recv: retry[0] recv()
  2009-09-24 18:54:02: DEBUG: get pfkey UPDATE message
* 2009-09-24 18:54:02: ERROR: pfkey UPDATE failed: Protocol not supported
  2009-09-24 18:54:02: DEBUG: pk_recv: retry[0] recv()
  2009-09-24 18:54:02: DEBUG: get pfkey ADD message
* 2009-09-24 18:54:03: ERROR: pfkey ADD failed: Protocol not supported
  2009-09-24 18:54:32: ERROR: 94.199.225.134 give up to get IPsec-SA due to 
time up to wait.
  2009-09-24 18:54:32: DEBUG: IV freed
  2009-09-24 18:54:32: DEBUG: pk_recv: retry[0] recv()
  2009-09-24 18:54:32: DEBUG: get pfkey EXPIRE message
  2009-09-24 18:54:32: INFO: IPsec-SA expired: ESP/Tunnel 
1.2.3.4[0]->4.5.6.7[0] spi=69502535(0x4248647)
  2009-09-24 18:54:32: DEBUG: no such a SA found: ESP/Tunnel 
1.2.3.4[0]->4.5.6.7[0] spi=69502535(0x4248647)

I've verified the same behaviour on a Debian Lenny box (2.6.26.2).

However, when I try it on an Ubuntu 9.04 server running 2.6.28-15-server
it works fine.  The ipsec-tools / racoon config in all cases is the same.
I've not done an exhaustive comparison of kernel and module settings
(yet).

Can anybody shed some light on what's changed between 2.6.28.10 and .15?
I'd like to apply the same fix to Debian and OpenWRT.

Thanks in advance,


-Ronan


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Reply via email to