I'm trying to run IPsec between two Linux machines:
1) urchin: kernel 2.4.21 with plain freeswan 2.01
2) naga: kernel 2.6.0-test2 with freeswan 2.01 patched with http://gondor.apana.org.au/~herbert/freeswan
I'm using RSA keys for authentication.
When I try to bring the connection up from the 2.6.0 side, I'm getting:
naga:~# ipsec auto --up urchin-naga-rsa
104 "urchin-naga-rsa" #3: STATE_MAIN_I1: initiate
106 "urchin-naga-rsa" #3: STATE_MAIN_I2: sent MI2, expecting MR2
108 "urchin-naga-rsa" #3: STATE_MAIN_I3: sent MI3, expecting MR3
004 "urchin-naga-rsa" #3: STATE_MAIN_I4: ISAKMP SA established
112 "urchin-naga-rsa" #4: STATE_QUICK_I1: initiate
003 "urchin-naga-rsa" #4: ERROR: netlink XFRM_MSG_NEWSA response for Add SA [EMAIL PROTECTED] included errno 22: Invalid argument
032 "urchin-naga-rsa" #4: STATE_QUICK_I1: internal error
On urchin (2.4.21) in the syslog I can see:
Aug 12 17:30:28 urchin pluto[1437]: "urchin-naga-rsa" #8: responding to Quick Mode
Aug 12 17:30:31 urchin pluto[1437]: packet from 10.20.0.47:500: initial Main Mode message received on 10.20.1.28:500 but no connection has been authorized
Aug 12 17:30:38 urchin pluto[1437]: "urchin-naga-rsa" #8: discarding duplicate packet; already STATE_QUICK_R1
If I try it the other way around, i.e. trigger the connection from 2.4.21, the result is more or less the same; syslog on naga (2.6.0) says:
Aug 12 17:32:19 naga pluto[4027]: "urchin-naga-rsa" #9: ERROR: netlink XFRM_MSG_NEWSA response for Add SA [EMAIL PROTECTED] included errno 22: Invalid argument
Aug 12 17:32:27 naga pluto[4027]: ERROR: netlink read() of response to our XFRM_MSG_GETPOLICY message for Get policy ? failed. Errno 11: Resource temporarily unavailable
This is the ipsec.conf on both machines:
conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand

conn urchin-naga-rsa
    left=10.20.1.28
    [EMAIL PROTECTED]
    leftnexthop=10.20.1.16
    leftrsasigkey=0sAQOb[...]oFP
    right=10.20.1.16
    [EMAIL PROTECTED]
    rightnexthop=10.20.1.28
    rightrsasigkey=0sAQOEy[...]2fh
    authby=rsasig

What's wrong with my setup?
Thanks in advance for any help!
Michal Ludvig
_______________________________________________ FreeS/WAN Users mailing list [EMAIL PROTECTED] https://mj2.freeswan.org/cgi-bin/mj_wwwusr
