From: HR, H. <har...@hp...> - 2010-12-20 12:58:11
|
Hi, We are facing some issues with “ipsec-tools” package on Ubuntu (running 2.6.35 kernel) and Debian (running 2.6.32 kernel and above) The command “setkey –DP” produces Policy:[Invalid direciton] message with ipsec-tools versions 0.7.1 and 0.7.3 when the racoon daemon is running. We upgraded the ipsec-tools version to 0.8.1 in which the typo “direciton” has been resolved but still the above message is seen. The same command has no such message seen on Debian running 2.6.18 kernel What is the relation between the later kernel versions(2.6.32 and above) and the racoon daemon ? Has it got something to do with the racoon daemon or the later kernels ? It would be much appreciated if you could provide us with some suggestions/pointers in resolving this issue. Thanks & Regards, Harsha |
From: Stefan B. <ste...@cu...> - 2010-12-20 14:26:45
|
Am 20.12.2010 13:57, schrieb HR, Harsha: > The same command has no such message seen on Debian running 2.6.18 kernel I'm also not getting the above message with the current stable kernel 2.6.26 (debian lenny). I will give this a try with the squeeze-kernel (2.6.32) within the next days. Stefan -- Stefan Bauer ----------------------------------------- PGP: 36D1 1570 DCAD B767 EABE F60D 6BCA 7AD4 79EB C4EC -------- plzk.de - Linux - because it works ---------- |
From: Timo T. <tim...@ik...> - 2010-12-20 14:29:42
|
On 12/20/2010 04:24 PM, Stefan Bauer wrote: > Am 20.12.2010 13:57, schrieb HR, Harsha: >> The same command has no such message seen on Debian running 2.6.18 kernel > > I'm also not getting the above message with the current stable > kernel 2.6.26 (debian lenny). I will give this a try with the > squeeze-kernel (2.6.32) within the next days. It's because linux reports per-socket policies differently; you see them only if racoon is running and they are not harmful. I remember fixing the output a week ago or so. Latest 0.8 snapshot might contain the fix for it. - Timo |
From: Stefan B. <ste...@cu...> - 2010-12-20 14:32:40
|
Am 20.12.2010 15:29, schrieb Timo Teräs: > On 12/20/2010 04:24 PM, Stefan Bauer wrote: >> Am 20.12.2010 13:57, schrieb HR, Harsha: >>> The same command has no such message seen on Debian running 2.6.18 kernel >> >> I'm also not getting the above message with the current stable >> kernel 2.6.26 (debian lenny). I will give this a try with the >> squeeze-kernel (2.6.32) within the next days. > > It's because linux reports per-socket policies differently; you see them > only if racoon is running and they are not harmful. Thanks for the short update. So this is not criticial in any way. I can confirm the output in the 2.6.32 kernel from debian. The ubuntu and debian packages are more or less the same. ubuntu just grabs the debian package frequently. Stefan -- Stefan Bauer ----------------------------------------- PGP: 36D1 1570 DCAD B767 EABE F60D 6BCA 7AD4 79EB C4EC -------- plzk.de - Linux - because it works ---------- |