Thanks,

Hmm, maybe I forgot to specify my ipsec-tools version? I have version 0.7, compiled on my own on Slackware with kernel 2.6.22.9.

Regards,
Wennael

Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer) wrote:
No, it's not a bug; rijndael is a synonym for aes :-)
In early versions of racoon you must type rijndael in racoon.conf
to get aes encryption.

So there was a chance you had the same issue as me 3 months ago.
But I'm afraid that's not the problem you have.

Sorry but I have no further clues at the moment.

Regards,

Jens


-----Original Message-----
From: Wennael [mailto:wennael@free.fr]
Sent: Monday, 28 April 2008 15:30
To: Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer)
Subject: Re: AW: [Ipsec-tools-users] Racoon problem: algorithm AES not supported by the kernel

Hi,

With rijndael I have the same error, but it is strange: racoon continues
to say "AES" not supported, and not something like "RIJNDAEL" not
supported. Is it a bug?

Regards,
Wennael

Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer) wrote:

Hi,

Try "rijndael" instead of "aes" in your racoon.conf. Does it work?

Regards


-----Original Message-----
From: ipsec-tools-users-bounces@lists.sourceforge.net [mailto:ipsec-tools-users-bounces@lists.sourceforge.net] On behalf of wennael@free.fr
Sent: Monday, 28 April 2008 14:09
To: ipsec-tools-users@lists.sourceforge.net
Subject: [Ipsec-tools-users] Racoon problem: algorithm AES not supported by the kernel



Hi,

I am trying to create an IPsec tunnel but racoon seems to "bug".

It says that the kernel does not support any of these algorithms: aes, des, 3des,
but all of these are compiled as modules, and loaded!


So, to help us find what is going wrong, here is the list of loaded modules:
af_key, aes, des, sha1, deflate, crypto_hash, hmac, md5, ah4, esp4, ipcomp,
tunnel4, ipip and xfrm_user

I run racoon with this command:
racoon -d -l /var/log/racoon.log -f /etc/ipsec/racoon.conf

my racoon.conf:
path pre_shared_key "/etc/ipsec/psk.txt";

remote remote-public-IP {
        exchange_mode main, base;
        doi ipsec_doi;
        situation identity_only;

        generate_policy on;
        passive on;

        my_identifier address my-public-IP;

        lifetime time 8 hour;
        initial_contact on;
        proposal_check obey;

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous {
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

When I try to run racoon, I get the following in the log file:
2008-04-28 11:25:28: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2008-04-28 11:25:28: INFO: @(#)This product linked OpenSSL 0.9.7g 11 Apr 2005 (http://www.openssl.org/)
2008-04-28 11:25:28: INFO: Reading configuration from "/etc/ipsec/racoon.conf"
2008-04-28 11:25:28: DEBUG: call pfkey_send_register for AH
2008-04-28 11:25:28: DEBUG: call pfkey_send_register for ESP
2008-04-28 11:25:28: DEBUG: call pfkey_send_register for IPCOMP
2008-04-28 11:25:28: DEBUG: reading config file /etc/ipsec/racoon.conf
2008-04-28 11:25:28: ERROR: Must get supported algorithms list first.
2008-04-28 11:25:28: ERROR: /etc/ipsec/racoon.conf:28: ";" algorithm AES not supported by the kernel (missing module?)
2008-04-28 11:25:28: ERROR: fatal parse failure (1 errors)

But the error occurs at the 2nd line that uses "aes" (if I set two different
algorithms, I get the error only in the sainfo section! So, I know that my
kernel does have support for those algos!)

Next test: if I comment out the entire sainfo section, racoon launches, but I
don't know if the tunnel works.

Any idea?

_______________________________________________
Ipsec-tools-users mailing list
Ipsec-tools-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-users

**************************************************************************************************
The contents of this email and any attachments are confidential.
They are intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  the 
sender immediately and do not disclose the contents to anyone or make copies.

** SSP Europe scanned this email for viruses, vandals and malicious content. **

*** Secured by http://www.ssp-europe.eu ***

**************************************************************************************************
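
Added example, not part of the thread and not ipsec-tools code: a small triage script for racoon logs like the one posted above. It assumes, from the wording of the message itself, that a "Must get supported algorithms list first." error before an "algorithm ... not supported by the kernel" error means racoon had no kernel algorithm list when it checked the config, so that error alone does not show a missing module. The cause labels and function names are this example's own.

```python
import re

# Constructed sample in the log format shown in the thread: run 1 mirrors the
# posted errors (one record wrapped as a mail client would); run 2 is invented.
SAMPLE_LOG = """\
2008-04-28 11:25:28: INFO: @(#)ipsec-tools 0.7
(http://ipsec-tools.sourceforge.net)
2008-04-28 11:25:28: DEBUG: call pfkey_send_register for ESP
2008-04-28 11:25:28: ERROR: Must get supported algorithms list first.
2008-04-28 11:25:28: ERROR: /etc/ipsec/racoon.conf:28: ";" algorithm AES not
supported by the kernel (missing module?)
2008-04-28 11:40:02: INFO: @(#)ipsec-tools 0.7
2008-04-28 11:40:02: ERROR: /etc/ipsec/racoon.conf:28: ";" algorithm 3DES not supported by the kernel (missing module?)
"""

RECORD = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: (\w+): (.*)$")
UNSUPPORTED = re.compile(r"^(\S+):(\d+): .*algorithm (\S+) not supported by the kernel")
NO_LIST = "Must get supported algorithms list first"
BANNER = "@(#)ipsec-tools"  # start-up banner, as in the posted log

def join_wrapped(text):
    """Re-join wrapped records: a line without a timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return one finding per 'not supported by the kernel' error, with a cause label."""
    findings, list_missing = [], False
    for record in join_wrapped(text):
        parsed = RECORD.match(record)
        if not parsed:
            continue
        level, msg = parsed.groups()
        if BANNER in msg:
            list_missing = False  # a new racoon start resets the state
        elif level == "ERROR" and NO_LIST in msg:
            list_missing = True
        elif level == "ERROR" and (hit := UNSUPPORTED.match(msg)):
            # Labels are this example's own, not racoon terminology.
            cause = "supported-list-not-loaded" if list_missing else "algorithm-not-registered"
            findings.append({"file": hit[1], "line": int(hit[2]),
                             "algorithm": hit[3], "cause": cause})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```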
  
    

