Compiled 2.4.20-gentoo-r9 with ipsec modules enabled, and installed freeswan-2.04. I set up /etc/ipsec.conf[1] according to freeswan docs for a net-net configuration (I'm testing just host-to-host, though). When I start ipsec with /etc/init.d/ipsec start, I see:


* Starting IPSEC ......
ipsec_setup: Starting FreeS/WAN IPsec 2.04...
ipsec_setup: Using /lib/modules/2.4.20-gentoo-r9/kernel/net/ipsec/ipsec.o
ipsec_setup: /usr/libexec/ipsec/eroute: pfkey write failed, returning -1 with errno=22.
ipsec_setup: Invalid argument, check kernel log messages for specifics. [ ok ]


Looking at the output of dmesg (after setting klipsdebug and plutodebug to all in /etc/ipsec.conf), I see:

klips_debug:pfkey_msg_interp: parsing message ver=2, type=15, errno=0, satype=0(UNKNOWN), len=5, res=0, seq=1, pid=4251.
klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c2fdde48.
klips_debug:pfkey_msg_interp: allocated extr->tdb=cfb6c400.
klips_debug:pfkey_msg_interp: message parsing failed with error -22.
klips_debug:pfkey_sendmsg: pfkey_msg_parse returns -22.
klips_debug:pfkey_sendmsg: sending up error=-22 message=c2e00f60 to socket=ccda5954.
klips_debug:pfkey_upmsg: allocating 16 bytes...
klips_debug:pfkey_upmsg: ...allocated at c184ae40.
klips_debug:pfkey_sendmsg: sending up error message to socket=ccda5954 succeeded.
klips_debug:pfkey_release: sock=ccda5954 sk=c18029a0

I haven't been able to find any information about this -- the freeswan mailing list archives appear to be down.

Thanks in advance,
Rich

[1]
/etc/ipsec.conf:
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all


# Add connections here.


conn net-to-net
        left=xxx.xxx.xxx.xxx
        leftsubnet=xxx.xxx.xxx.xxx/32
        [EMAIL PROTECTED]
        leftrsasigkey=<myleftrsasigkey from xxx.xxx.xxx.xxx is here>
        leftnexthop=yyy.yyy.yyy.yyy
        right=yyy.yyy.yyy.yyy
        rightsubnet=yyy.yyy.yyy.yyy/32
        [EMAIL PROTECTED]
        rightrsasigkey=<myrightrsasigkey from yyy.yyy.yyy.yyy is here>
        rightnexthop=xxx.xxx.xxx.xxx
        auto=add

