-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good morning.
I'm trying to get LibreSWAN 3.10 working on an older gateway running CentOS5 (x86_64). As the RHEL5/CentOS5 binaries don't seem to be available in the repository yet, I decided to build my own. First issue of note--neither the libreswan-3.9-1.el5.x86_64.rpm nor the libreswan-3.9-1.el5.src.rpm passed the signature check, despite my importing RPM-GPG-KEY-libreswan. Not sure what's up there. Anyway, I (possibly foolishly) bypassed the failing signature check, extracted the spec file from the 3.9 source package, tweaked it for 3.10, built a 3.10 source RPM and then finally built the binary RPMs on CentOS5. I disabled DNSSEC in the spec file rather than trying to find compatible unbound packages in various repositories. The problem arises when trying to bring up a tunnel. Either using an L2TP connection or XAUTH + RSA, the connection fails with the following: > Sep 23 06:28:50 yycgate pluto[14414]: read from crypto helper 0 > failed with short length 2048 of 2768. Killing helper. I tried forcing "nhelpers=1" in ipsec.conf, but it made no difference. I'm also seeing these: > Sep 23 06:28:52 yycgate pluto[14414]: "L2TP-Win2KXP"[1] > 75.158.74.198 #1: discarding packet received during asynchronous > work (DNS or crypto) in STATE_MAIN_R1 "ipsec verify" passes everything except for "XFRM larval drop [NOT ENABLED]"; I haven't been able to determine whether that's a big problem or what I might do about it; Google is reticent this morning. - -- Nels Lindquist <[email protected]> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iEYEARECAAYFAlQhkEEACgkQh6z5POoOLgQ1oQCgvVXICBj5RN4srBR7QTCyJP8j VW4AoIrmRWxxe/5+ljfcfFsLjQ625pv8 =Vj5l -----END PGP SIGNATURE----- _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
