Menu
▾
▴
Re: [Ipsec-tools-users] Racoon problem: algorithm AES not supported bythe kernel
|
From: Wennael <we...@fr...> - 2008-04-28 15:01:07
|
Thanks,
hum maybe I forgot to precise my ipsec-tools version ? I have version
0.7 compiled by my own on a slackware and kernel 2.6.22.9.
Regards,
Wennael
Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer) a écrit :
> No, its not a bug, rijndael is a synonym for aes :-)
> In early versions of racoon you must type rijndael in racoon.conf
> to get aes encryption.
>
> So there was a chance you got the same issue like me 3 months ago.
> But i`m afraid that’s not the problem you have.
>
> Sorry but I have no further clues at the moment.
>
> Regards,
>
> Jens
>
>
> -----Ursprüngliche Nachricht-----
> Von: Wennael [mailto:we...@fr...]
> Gesendet: Montag, 28. April 2008 15:30
> An: Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer)
> Betreff: Re: AW: [Ipsec-tools-users] Racoon problem: algorithm AES not supported bythe kernel
>
> Hi,
>
> with rijndael I have the same error, but it is strange, racoon continue
> to say "AES" not supported, but not something like "RIJNDAEL" not
> supported. is it a bug ?
>
> Regards,
> Wennael
>
> Karpinski, Jens (A.P.E. GmbH - IT-Security Engineer) a écrit :
>
>> Hi,
>>
>> try "rijndael" instead of "aes" in your racoon.conf. Does it work ?
>>
>> regards
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: ips...@li... [mailto:ips...@li...] Im Auftrag von we...@fr...
>> Gesendet: Montag, 28. April 2008 14:09
>> An: ips...@li...
>> Betreff: [Ipsec-tools-users] Racoon problem: algorithm AES not supported bythe kernel
>>
>>
>>
>> Hi,
>>
>> I try to create an IPSec tunnel but racoon seems to "bug".
>>
>> It says that kernel does not support any of these algorithms: aes, des, 3des,
>> but all of these are compiled as module, and loaded !
>>
>>
>> so, to help us finding what is going wrong, here is the list of loaded modules:
>> af_key, aes, des, sha1, deflate, crypto_hash, hmac, md5, ah4, esp4, ipcomp,
>> tunnel4, ipip and xfrm_user
>>
>> I run racoon with this command: racoon -d -l /var/log/racoon.log -f
>> /etc/ipsec/racoon.conf
>>
>> my racoon.conf:
>> path pre_shared_key "/etc/ipsec/psk.txt";
>>
>> remote remote-public-IP {
>> exchange_mode main, base;
>> doi ipsec_doi;
>> situation identity_only;
>>
>> generate_policy on;
>> passive on;
>>
>> my_identifier address my-public-IP;
>>
>> lifetime time 8 hour;
>> initial_contact on;
>> proposal_check obey;
>>
>> proposal {
>> encryption_algorithm aes;
>> hash_algorithm sha1;
>> authentication_method pre_shared_key;
>> dh_group 2;
>> }
>> }
>>
>> sainfo anonymous {
>> lifetime time 1 hour;
>> encryption_algorithm aes;
>> authentication_algorithm hmac_sha1;
>> compression_algorithm deflate;
>> }
>>
>> When I try to run racoon, I got the folowing in the log fle:
>> 2008-04-28 11:25:28: INFO: @(#)ipsec-tools 0.7
>> (http://ipsec-tools.sourceforge.net)
>> 2008-04-28 11:25:28: INFO: @(#)This product linked OpenSSL 0.9.7g 11 Apr 2005
>> (http://www.openssl.org/)
>> 2008-04-28 11:25:28: INFO: Reading configuration from "/etc/ipsec/racoon.conf"
>> 2008-04-28 11:25:28: DEBUG: call pfkey_send_register for AH
>> 2008-04-28 11:25:28: DEBUG: call pfkey_send_register for ESP
>> 2008-04-28 11:25:28: DEBUG: call pfkey_send_register for IPCOMP
>> 2008-04-28 11:25:28: DEBUG: reading config file /etc/ipsec/racoon.conf
>> 2008-04-28 11:25:28: ERROR: Must get supported algorithms list first.
>> 2008-04-28 11:25:28: ERROR: /etc/ipsec/racoon.conf:28: ";" algorithm AES not
>> supported by the kernel (missing module?)
>> 2008-04-28 11:25:28: ERROR: fatal parse failure (1 errors)
>>
>> but, the error occurs at the 2nd line that use "aes" (If I set two different
>> algorythms, I get the error only in the sainfo section! so, I know that my
>> kernel does have support for those algos!)
>>
>> next test: if I comment out the entire sainfo section, racoon launches, but I
>> don't know if the tunnel works.
>>
>> any idea ?
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>> Don't miss this year's exciting event. There's still time to save $100.
>> Use priority code J8TL2D2.
>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>> _______________________________________________
>> Ipsec-tools-users mailing list
>> Ips...@li...
>> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-users
>>
>> **************************************************************************************************
>> The contents of this email and any attachments are confidential.
>> They are intended for the named recipient(s) only.
>> If you have received this email in error please notify the system manager or the
>> sender immediately and do not disclose the contents to anyone or make copies.
>>
>> ** SSP Europe scanned this email for viruses, vandals and malicious content. **
>>
>> *** Secured by http://www.ssp-europe.eu ***
>>
>> **************************************************************************************************
>>
>>
>
>
> **************************************************************************************************
> The contents of this email and any attachments are confidential.
> They are intended for the named recipient(s) only.
> If you have received this email in error please notify the system manager or the
> sender immediately and do not disclose the contents to anyone or make copies.
>
> ** SSP Europe scanned this email for viruses, vandals and malicious content. **
>
> *** Secured by http://www.ssp-europe.eu ***
>
> **************************************************************************************************
>
|