Hi, Apologies in advance if this is the wrong place to post. I'm no developer, I'm a sysadmin looking for a pointer in the right direction.
This is not so much "there's a problem that needs fixing" as "how did you fix it?". I'm trying to set up an IPSEC tunnel from an OpenWRT box (2.6.28.10) to a cisco router. Phase 1 goes fine, Phase 2 dies with:

...
2009-09-24 18:54:02: DEBUG: KEYMAT computed.
2009-09-24 18:54:02: DEBUG: call pk_sendupdate
2009-09-24 18:54:02: DEBUG: encryption(des)
2009-09-24 18:54:02: DEBUG: hmac(md5)
2009-09-24 18:54:02: DEBUG: call pfkey_send_update2
2009-09-24 18:54:02: DEBUG: pfkey update sent.
2009-09-24 18:54:02: DEBUG: encryption(des)
2009-09-24 18:54:02: DEBUG: hmac(md5)
2009-09-24 18:54:02: DEBUG: call pfkey_send_add2 (NAT flavor)
2009-09-24 18:54:02: DEBUG: call pfkey_send_add2
2009-09-24 18:54:02: DEBUG: pfkey add sent.
2009-09-24 18:54:02: DEBUG: pk_recv: retry[0] recv()
2009-09-24 18:54:02: DEBUG: get pfkey UPDATE message
* 2009-09-24 18:54:02: ERROR: pfkey UPDATE failed: Protocol not supported
2009-09-24 18:54:02: DEBUG: pk_recv: retry[0] recv()
2009-09-24 18:54:02: DEBUG: get pfkey ADD message
* 2009-09-24 18:54:03: ERROR: pfkey ADD failed: Protocol not supported
2009-09-24 18:54:32: ERROR: 94.199.225.134 give up to get IPsec-SA due to time up to wait.
2009-09-24 18:54:32: DEBUG: IV freed
2009-09-24 18:54:32: DEBUG: pk_recv: retry[0] recv()
2009-09-24 18:54:32: DEBUG: get pfkey EXPIRE message
2009-09-24 18:54:32: INFO: IPsec-SA expired: ESP/Tunnel 1.2.3.4[0]->4.5.6.7[0] spi=69502535(0x4248647)
2009-09-24 18:54:32: DEBUG: no such a SA found: ESP/Tunnel 1.2.3.4[0]->4.5.6.7[0] spi=69502535(0x4248647)

I've verified the same behaviour on a Debian Lenny box (2.6.26.2). However, when I try it on an Ubuntu 9.04 server running 2.6.28-15-server it works fine. The ipsec-tools / racoon config in all cases is the same. I've not done an exhaustive comparison of kernel and module settings (yet).

Can anybody shed some light on what's changed between 2.6.28.10 and .15? I'd like to apply the same fix to Debian and OpenWRT.
Thanks in advance,
-Ronan