From: Stephen S. <ste...@gm...> - 2008-01-28 18:50:21
|
I'm getting an error from racoon that seems incorrect: 2008-01-28 12:31:04: ERROR: Must get supported algorithms list first. 2008-01-28 12:31:04: ERROR: /etc/racoon/racoon.conf:76: ";" algorithm 3DES not supported by the kernel (missing module?) But this is definitely present in my kernel: # grep CONFIG_CRYPTO_DES .config CONFIG_CRYPTO_DES=m and # lsmod | grep des des 21248 0 but the error above is generated from the command: # racoon -F -f /etc/racoon/racoon.conf the contents of racoon.conf are (line 76 as referenced above is noted below): remote anonymous { exchange_mode aggressive; my_identifier keyid tag "..."; peers_identifier user_fqdn "..."; verify_identifier on; lifetime time 24 hour; proposal { encryption_algorithm 3des; hash_algorithm md5; authentication_method pre_shared_key; dh_group 2; lifetime time 28800 secs; } } sainfo anonymous { encryption_algorithm 3des; # this is line 76 authentication_algorithm hmac_sha1, hmac_md5; compression_algorithm deflate; pfs_group 2; lifetime time 28800 secs; } It is interesting that it doesn't complain on the first time 3des is mentioned in the config. I've also tried other algorithms (des, blowfish) and get the same issue. Any advice would be appreciated. Thanks, Stephen |
From: Paul W. <Pau...@ta...> - 2008-01-29 08:57:40
|
It probably doesn't complain about the first one because that doesn't need kernel support. In my kernels I don't have them compiled as modules.... I have them CONFIG_CRYPTO_DES=y Of course you do have CONFIG_CRYPTO=y ?? Paul Stephen Shelton wrote: > I'm getting an error from racoon that seems incorrect: > > 2008-01-28 12:31:04: ERROR: Must get supported algorithms list first. > 2008-01-28 12:31:04: ERROR: /etc/racoon/racoon.conf:76: ";" algorithm > 3DES not supported by the kernel (missing module?) > > But this is definitely present in my kernel: > > # grep CONFIG_CRYPTO_DES .config > CONFIG_CRYPTO_DES=m > > and > > # lsmod | grep des > des 21248 0 > > but the error above is generated from the command: > > # racoon -F -f /etc/racoon/racoon.conf > > the contents of racoon.conf are (line 76 as referenced above is noted > below): > > remote anonymous { > > exchange_mode aggressive; > my_identifier keyid tag "..."; > peers_identifier user_fqdn "..."; > verify_identifier on; > lifetime time 24 hour; > > proposal { > encryption_algorithm 3des; > hash_algorithm md5; > authentication_method pre_shared_key; > dh_group 2; > lifetime time 28800 secs; > } > > } > > sainfo anonymous { > > encryption_algorithm 3des; # this is line 76 > authentication_algorithm hmac_sha1, hmac_md5; > compression_algorithm deflate; > pfs_group 2; > lifetime time 28800 secs; > > } > > It is interesting that it doesn't complain on the first time 3des is > mentioned in the config. I've also tried other algorithms (des, > blowfish) and get the same issue. > > Any advice would be appreciated. > > Thanks, > Stephen > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel |
From: Stephen S. <ste...@gm...> - 2008-01-29 15:25:00
|
Paul Winder wrote: > It probably doesn't complain about the first one because that doesn't > need kernel support. > > In my kernels I don't have them compiled as modules.... I have them > > CONFIG_CRYPTO_DES=y I'll try compiling them into the kernel just for grins, but I'm not getting my hopes up! > > Of course you do have > CONFIG_CRYPTO=y ?? Yes, it is y and not m. > > Paul Thanks! > > Stephen Shelton wrote: > > I'm getting an error from racoon that seems incorrect: > > > > 2008-01-28 12:31:04: ERROR: Must get supported algorithms list first. > > 2008-01-28 12:31:04: ERROR: /etc/racoon/racoon.conf:76: ";" algorithm > > 3DES not supported by the kernel (missing module?) > > > > But this is definitely present in my kernel: > > > > # grep CONFIG_CRYPTO_DES .config > > CONFIG_CRYPTO_DES=m > > > > and > > > > # lsmod | grep des > > des 21248 0 > > > > but the error above is generated from the command: > > > > # racoon -F -f /etc/racoon/racoon.conf > > > > the contents of racoon.conf are (line 76 as referenced above is noted > > below): > > > > remote anonymous { > > > > exchange_mode aggressive; > > my_identifier keyid tag "..."; > > peers_identifier user_fqdn "..."; > > verify_identifier on; > > lifetime time 24 hour; > > > > proposal { > > encryption_algorithm 3des; > > hash_algorithm md5; > > authentication_method pre_shared_key; > > dh_group 2; > > lifetime time 28800 secs; > > } > > > > } > > > > sainfo anonymous { > > > > encryption_algorithm 3des; # this is line 76 > > authentication_algorithm hmac_sha1, hmac_md5; > > compression_algorithm deflate; > > pfs_group 2; > > lifetime time 28800 secs; > > > > } > > > > It is interesting that it doesn't complain on the first time 3des is > > mentioned in the config. I've also tried other algorithms (des, > > blowfish) and get the same issue. > > > > Any advice would be appreciated. > > > > Thanks, > > Stephen > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ > > Ipsec-tools-devel mailing list > > Ips...@li... > > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel > |