From: Wennael <we...@fr...> - 2008-04-28 15:01:07
Thanks,

Hmm, maybe I forgot to specify my ipsec-tools version? I have version 0.7, compiled myself on Slackware with kernel 2.6.22.9.

Regards,
Wennael

Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer) wrote:
> No, it's not a bug, rijndael is a synonym for aes :-)
> In early versions of racoon you must type rijndael in racoon.conf
> to get aes encryption.
>
> So there was a chance you got the same issue as me 3 months ago.
> But I'm afraid that's not the problem you have.
>
> Sorry but I have no further clues at the moment.
>
> Regards,
>
> Jens
>
>
> -----Original Message-----
> From: Wennael [mailto:we...@fr...]
> Sent: Monday, 28 April 2008 15:30
> To: Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer)
> Subject: Re: AW: [Ipsec-tools-users] Racoon problem: algorithm AES not supported by the kernel
>
> Hi,
>
> with rijndael I have the same error, but it is strange, racoon continues
> to say "AES" not supported, but not something like "RIJNDAEL" not
> supported. Is it a bug?
>
> Regards,
> Wennael
>
> Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer) wrote:
>
>> Hi,
>>
>> try "rijndael" instead of "aes" in your racoon.conf. Does it work?
>>
>> regards
>>
>>
>> -----Original Message-----
>> From: ips...@li... [mailto:ips...@li...] On behalf of we...@fr...
>> Sent: Monday, 28 April 2008 14:09
>> To: ips...@li...
>> Subject: [Ipsec-tools-users] Racoon problem: algorithm AES not supported by the kernel
>>
>> Hi,
>>
>> I try to create an IPSec tunnel but racoon seems to "bug".
>>
>> It says that the kernel does not support any of these algorithms: aes, des, 3des,
>> but all of these are compiled as modules, and loaded!
>>
>> So, to help find what is going wrong, here is the list of loaded modules:
>> af_key, aes, des, sha1, deflate, crypto_hash, hmac, md5, ah4, esp4, ipcomp,
>> tunnel4, ipip and xfrm_user
>>
>> I run racoon with this command:
>> racoon -d -l /var/log/racoon.log -f /etc/ipsec/racoon.conf
>>
>> my racoon.conf:
>> path pre_shared_key "/etc/ipsec/psk.txt";
>>
>> remote remote-public-IP {
>>     exchange_mode main, base;
>>     doi ipsec_doi;
>>     situation identity_only;
>>
>>     generate_policy on;
>>     passive on;
>>
>>     my_identifier address my-public-IP;
>>
>>     lifetime time 8 hour;
>>     initial_contact on;
>>     proposal_check obey;
>>
>>     proposal {
>>         encryption_algorithm aes;
>>         hash_algorithm sha1;
>>         authentication_method pre_shared_key;
>>         dh_group 2;
>>     }
>> }
>>
>> sainfo anonymous {
>>     lifetime time 1 hour;
>>     encryption_algorithm aes;
>>     authentication_algorithm hmac_sha1;
>>     compression_algorithm deflate;
>> }
>>
>> When I try to run racoon, I get the following in the log file:
>> 2008-04-28 11:25:28: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
>> 2008-04-28 11:25:28: INFO: @(#)This product linked OpenSSL 0.9.7g 11 Apr 2005 (http://www.openssl.org/)
>> 2008-04-28 11:25:28: INFO: Reading configuration from "/etc/ipsec/racoon.conf"
>> 2008-04-28 11:25:28: DEBUG: call pfkey_send_register for AH
>> 2008-04-28 11:25:28: DEBUG: call pfkey_send_register for ESP
>> 2008-04-28 11:25:28: DEBUG: call pfkey_send_register for IPCOMP
>> 2008-04-28 11:25:28: DEBUG: reading config file /etc/ipsec/racoon.conf
>> 2008-04-28 11:25:28: ERROR: Must get supported algorithms list first.
>> 2008-04-28 11:25:28: ERROR: /etc/ipsec/racoon.conf:28: ";" algorithm AES not supported by the kernel (missing module?)
>> 2008-04-28 11:25:28: ERROR: fatal parse failure (1 errors)
>>
>> But the error occurs at the 2nd line that uses "aes". (If I set two different
>> algorithms, I get the error only in the sainfo section! So, I know that my
>> kernel does have support for those algos!)
>>
>> Next test: if I comment out the entire sainfo section, racoon launches, but I
>> don't know if the tunnel works.
>>
>> Any idea?
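
Added example, not part of the thread and not ipsec-tools code: a small Python triage that maps racoon's "algorithm ... not supported by the kernel" error back to the racoon.conf directive and section behind it, which is the distinction the original poster noticed (the error shows up for sainfo, not for the remote proposal). The config and log line are constructed from the ones quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, condensed from the thread's racoon.conf (192.0.2.1 = doc address).
CONF = """\
remote 192.0.2.1 {
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
    }
}
sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
}
"""
# Constructed log line in the thread's format; it points one line past the directive.
LOG = ('2008-04-28 11:25:28: ERROR: /etc/ipsec/racoon.conf:10: ";" '
       'algorithm AES not supported by the kernel (missing module?)')

PHASE = {"remote": "phase 1 (IKE)", "sainfo": "phase 2 (IPsec SA)"}
ERR = re.compile(r"ERROR: (\S+?):(\d+): .*algorithm (\S+) not supported by the kernel")
DIRECTIVE = re.compile(r"^\s*(\w+_algorithm)\s+([^;]+);")
SECTION = re.compile(r"^\s*(remote|sainfo)\b")

def algorithm_directives(conf):
    """Return (line_no, section, directive, value) for every *_algorithm line."""
    out, section, depth = [], None, 0
    for no, line in enumerate(conf.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop comments
        if depth == 0 and SECTION.match(line):
            section = SECTION.match(line).group(1)
        d = DIRECTIVE.match(line)
        if d and depth > 0:
            out.append((no, section, d.group(1), d.group(2).strip()))
        depth += line.count("{") - line.count("}")
    return out

def triage(conf, log):
    """Map each 'not supported by the kernel' error to the directive behind it."""
    found = []
    for m in ERR.finditer(log):
        line_no, alg = int(m.group(2)), m.group(3)
        # Reported line may be off by one: prefer a same-named directive nearby.
        prior = [d for d in algorithm_directives(conf) if d[0] <= line_no]
        same = [d for d in prior[-2:] if d[3].lower() == alg.lower()]
        hit = (same or prior[-1:] or [None])[-1]
        found.append((alg, hit, PHASE.get(hit[1]) if hit else None))
    return found
```

If the config uses an alias such as rijndael, the name match finds nothing and the nearest preceding algorithm directive is reported instead.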