[Ipsec-tools-devel] spdadd and tunnel mode; "Invalid argument"

[tito <ab...@di...>]

Hi,
=20
 As someone posted befote I also have got ipsec working under transport
mode in a variety of
 configurations, but I'm getting consistent problem attempting to set
policy for tunnel mode:
=20
        spdadd 10.1.0.0/24 10.3.0.0/24 any -P out ipsec
               ah/tunnel/10.2.0.1-10.2.0.2/require;
=20
Network is:
=20
=20
Host1---------------Router1-------------------Router2-------------------
Host2
                                    10.1.0.0/24           10.2.0.1
10.2.0.2              10.3.0.0/24
=20
and the error I get is:
=20
            [root@router1 etc]# setkey -v -c
spdadd 10.1.0.0/24 10.3.0.0/24 any -P out ipsec
                        ah/tunnel/10.2.0.1-10.2.0.2/require;
sadb_msg{ version=3D2 type=3D14 errno=3D0 satype=3D0
  len=3D15 reserved=3D0 seq=3D0 pid=3D770
sadb_ext{ len=3D7 type=3D18 }
sadb_x_policy{ type=3D2 dir=3D2 id=3D0 }
 { len=3D40 proto=3D51 mode=3D2 level=3D2 reqid=3D0
sockaddr{ len=3D16 family=3D2 port=3D0
 0a020001  }
sockaddr{ len=3D16 family=3D2 port=3D0
 0a020002  }
 }
sadb_ext{ len=3D3 type=3D5 }
sadb_address{ proto=3D255 prefixlen=3D24 reserved=3D0x0000 }
sockaddr{ len=3D16 family=3D2 port=3D0
 0a010000  }
sadb_ext{ len=3D3 type=3D6 }
sadb_address{ proto=3D255 prefixlen=3D24 reserved=3D0x0000 }
sockaddr{ len=3D16 family=3D2 port=3D0
 0a030000  }
=20
sadb_msg{ version=3D2 type=3D14 errno=3D22 satype=3D0
  len=3D2 reserved=3D0 seq=3D0 pid=3D770
=20
The result of line 2: Invalid argument.
=20
I am using kernel 2.6-test5 with the latest ipsec-tools versi=F3n
available at sourceforge.
Am I doing something wrong???
Is this a bug??
=20
Best regards,
            TITO.