#27 ESP Authentication aalgo null problem

Milestone: 0.5 branch
Status: closed
Owner: nobody
Priority: 5
Updated: 2005-07-31
Created: 2005-05-25
Creator: Anonymous
Private: No

ENV:
Debian sarge
ipsec-tools 0.5.2-1

setkey error EINVAL "invalid argument"

This is the SA, -A null returns the EINVAL

add 2001:0:0:1:0:0:56:515b 2001:0:0:2:0:0:6a:3a83
esp 1000 -r 0 -m transport
-E rijndael-cbc "0123456789012345"
-A null;

Here is output of setkey -cv

darth-vader:/usr/local/etc# sh ipsec.conf | more
sadb_msg{ version=2 type=3 errno=0 satype=3
len=19 reserved=0 seq=0 pid=5877
sadb_ext{ len=3 type=9 }
sadb_key{ bits=128 reserved=0
key= 30313233 34353637 38393031 32333435 }
sadb_ext{ len=2 type=1 }
sadb_sa{ spi=1000 replay=0 state=0
auth=251 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19 }
sadb_x_sa2{ mode=1 reqid=0
reserved1=0 reserved2=0 sequence=0 }
sadb_ext{ len=5 type=5 }
sadb_address{ proto=255 prefixlen=128
reserved=0x0000 }
sockaddr{ len=28 family=10 port=0
flowinfo=0x00000000, scope_id=0x00000000
20010000 00000001 00000000 0056515b }
sadb_ext{ len=5 type=6 }
sadb_address{ proto=255 prefixlen=128
reserved=0x0000 }
sockaddr{ len=28 family=10 port=0
flowinfo=0x00000000, scope_id=0x00000000
20010000 00000002 00000000 006a3a83 }

sadb_msg{ version=2 type=3 errno=22 satype=3
len=2 reserved=0 seq=0 pid=5877

Invalid argument.

Moving the ";" around, joining lines, etc. does not help.
From the source files (lex/yacc) it should go into the
ALG_AUTH_NOKEY branch, but this seems not to be
working. Also auth 251 from sadb_sa seems strange
to me - shouldn't this be 286?

Thx for help
---Maik

Discussion

  • Nobody/Anonymous

    Logged In: NO

    UPDATE:

    same SA works perfectly for FreeBSD 4.9

    ---Maik

     
  • Maik Bachmann

    Maik Bachmann - 2005-05-25

    Logged In: YES
    user_id=1285136

    update:

    same SA works perfectly on FreeBSD 4.9

    ---Maik

     
  • Aidas Kasparas

    Aidas Kasparas - 2005-07-16

    Logged In: YES
    user_id=39627

    Mike,

    At least on my box /usr/include/linux/pfkeyv2.h states:
    /* Authentication algorithms */
    <...>
    #define SADB_X_AALG_NULL 251 /* kame */

    If yours was compiled on the same, then this is why this
    number is like this. And by the way, on BSD this may be
    different.

    On the other hand, I just checked on my Debian box (with
    2.6.11-1-686 kernel) -- it went without any problem. So,
    maybe the aes module was not loaded or something else was wrong
    in the config.

     
  • Aidas Kasparas

    Aidas Kasparas - 2005-07-16
    • status: open --> pending
     
  • SourceForge Robot

    • status: pending --> closed
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).
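
The numeric fields in the `setkey -cv` dump from the report can be read against the PF_KEY v2 constants that the `pfkeyv2.h` comment above refers to. The following decoder is an added example, not part of the original ticket or of ipsec-tools; the names `parse`, `explain` and the lookup tables are introduced here, the constant values are a subset taken from RFC 2367 and Linux's `pfkeyv2.h`, and the input is an abridged copy of the dump in the report.

```python
import errno
import re

# Values from RFC 2367 and linux/pfkeyv2.h; a subset, enough for this dump.
MSG_TYPE = {2: "SADB_UPDATE", 3: "SADB_ADD", 4: "SADB_DELETE"}
SATYPE = {2: "SADB_SATYPE_AH", 3: "SADB_SATYPE_ESP"}
EXT_TYPE = {1: "SADB_EXT_SA", 5: "SADB_EXT_ADDRESS_SRC", 6: "SADB_EXT_ADDRESS_DST",
            8: "SADB_EXT_KEY_AUTH", 9: "SADB_EXT_KEY_ENCRYPT", 19: "SADB_X_EXT_SA2"}
AALG = {0: "SADB_AALG_NONE", 251: "SADB_X_AALG_NULL"}
EALG = {11: "SADB_EALG_NULL", 12: "SADB_X_EALG_AESCBC"}

# Abridged from the setkey -cv output in the report above.
DUMP = """
sadb_msg{ version=2 type=3 errno=0 satype=3
sadb_ext{ len=3 type=9 }
sadb_key{ bits=128 reserved=0
key= 30313233 34353637 38393031 32333435 }
sadb_ext{ len=2 type=1 }
sadb_sa{ spi=1000 replay=0 state=0
auth=251 encrypt=12 flags=0x00000040 }
sadb_msg{ version=2 type=3 errno=22 satype=3
"""

# A token is either a struct opener ("name{") or a "field=number" pair.
TOKEN = re.compile(r"(\w+)\{|(\w+)=(0x[0-9a-fA-F]+|\d+)")

def parse(dump):
    records = []  # [(struct_name, {field: int})] in the order printed
    for m in TOKEN.finditer(dump):
        if m.group(1):
            records.append((m.group(1), {}))
        elif records:
            num = m.group(3)
            records[-1][1][m.group(2)] = int(num, 16 if num.startswith("0x") else 10)
    return records

def explain(dump):
    """Translate numeric fields of each record into PF_KEY symbol names."""
    lines = []
    for name, fld in parse(dump):
        if name == "sadb_msg":
            err = errno.errorcode.get(fld["errno"], str(fld["errno"])) if fld["errno"] else "none"
            lines.append(f"{MSG_TYPE.get(fld['type'], fld['type'])} "
                         f"{SATYPE.get(fld['satype'], fld['satype'])} errno={err}")
        elif name == "sadb_ext":
            lines.append(f"  ext {EXT_TYPE.get(fld['type'], fld['type'])}")
        elif name == "sadb_sa":
            lines.append(f"  sa auth={AALG.get(fld['auth'], fld['auth'])} "
                         f"encrypt={EALG.get(fld['encrypt'], fld['encrypt'])}")
    return lines
```

Calling `explain(DUMP)` shows the request as an `SADB_ADD` for ESP carrying only an encryption-key extension, with `auth=251` resolving to `SADB_X_AALG_NULL`, and the kernel's reply carrying `EINVAL`.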

     
