I get the following log messages when i restart the racoon daemon:
pfkey.c:2311:pk_checkalg(): compression algorithm can not be checked
because sadb message doesn't support it.
sainfo.c:99:getsainfo(): anonymous sainfo selected.
Due to this issue i'm not able to define specific parameters for phase 2
using the sainfo statement (the sainfo anonymous is used in any case).
So I'm not able to specify lifetime and pfs group per connection for
Each time i add a new ipsec connection i have to ask the other party to
match with the defaults parameters provided in the sainfo anonymous
statement which can be an issue for the other party.
I run ipsec-tools for a while on several RedHat ES 3 running a kernel
2.4.21. I have updated the kernel to the latest 2.4 version.
For information the Redhat ES 2.4 kernel has the ipsec support built in
the kernel as a 2.6 kernel.
The ipsec-tools version i'm currently using is: ipsec-tools-0.2.5-0.7
(latest package provided by RedHat). I have also tried to use the latest
stable version of ipsec-tools and i experience the same issue.
ipcomp is compiled as a module. I have tried to load this module
manually and it does not change anything.
Thanks in advance for your help.