Re: [Ipsec-tools-devel] Problems starting setkey after kernel update to2.6.11-r5
Brought to you by:
mit_warlord,
netbsd
From: richard l. <mai...@lu...> - 2005-05-02 15:51:40
|
On 02 May 2005 10:00:37 +0530 Ganesan Rajagopal <rga...@us...> wrote: > > Hello, > > I've updated my kernel to 2.6.11-r5 and can't use ipsec. > > I hope someone can help me. > > > ws01 etc # setkey -f /etc/ipsec.conf > > The result of line 11: Invalid argument. > > The result of line 15: Invalid argument. > > I think you've been bitten by the "tab completion bug" in setkey > (replacing tabs with spaces in your conf file should fix the problem). > I already have two bugs filed against the ipsec-tools debian package > for this issue. I plan to disable readline support when packaging > 0.5.2 till it's fixed properly. And yesterday's update from Sarge is telling me for each tunnel and each second that an old SPI xxxxxxxxxxxxxx has expired. 37_tunnels * SPI_lifetime_28800 * 1_line_per_expired_SPI already created 600MB of logs today.... ;-) I have three machines doing this (example for 2 tunnels): [..] May 2 17:40:27 server1 racoon: INFO: ISAKMP-SA expired 1.2.3.4[500]-2.2.2.2[500] spi:b480c0a13e6272a7:f3a8043d4d6c9586 May 2 17:40:27 server1 racoon: INFO: ISAKMP-SA expired 1.2.3.4[500]-1.1.1.1[500] spi:719b8d0e5687db52:c6302dbeca38611f May 2 17:40:28 server1 racoon: INFO: ISAKMP-SA expired 1.2.3.4[500]-2.2.2.2[500] spi:b480c0a13e6272a7:f3a8043d4d6c9586 May 2 17:40:28 server1 racoon: INFO: ISAKMP-SA expired 1.2.3.4[500]-1.1.1.1[500] spi:719b8d0e5687db52:c6302dbeca38611f May 2 17:40:29 server1 racoon: INFO: ISAKMP-SA expired 1.2.3.4[500]-2.2.2.2[500] spi:b480c0a13e6272a7:f3a8043d4d6c9586 May 2 17:40:29 server1 racoon: INFO: ISAKMP-SA expired 1.2.3.4[500]-1.1.1.1[500] spi:719b8d0e5687db52:c6302dbeca38611f [..] Everything works perfectly well. I have to restart racoon and then I think it will be quiet until the tunnels expire... dpkg -l | grep ipsec ii ipsec-tools 0.5.1-1 IPsec tools for Linux -- ___________________________________________________________________ It's so simple to be wise. Just think of something stupid to say and say the opposite. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | | http://www.lucassen.org/mail-pubkey.html | +------------------------------------------------------------------+ |