-----BEGIN PGP SIGNED MESSAGE----- On Tuesday 12 August 2003 11:36, Michal Ludvig wrote: > Hi all, > I'm trying to run IPsec between two linux machines: > 1) urchin: kernel 2.4.21 with plain freeswan 2.01 > 2) naga: kernel 2.6.0-test2 with freeswan 2.01 patched with > http://gondor.apana.org.au/~herbert/freeswan *snip* > If I try it the other way around, i.e. trigger the connection from > 2.4.21 the result is more less the same; syslog on naga (2.6.0) says: > > Aug 12 17:32:19 naga pluto[4027]: "urchin-naga-rsa" #9: ERROR: netlink > XFRM_MSG_NEWSA response for Add SA [EMAIL PROTECTED] included > errno 22: Invalid argument > Aug 12 17:32:27 naga pluto[4027]: ERROR: netlink read() of response to > our XFRM_MSG_GETPOLICY message for Get policy ? failed. Errno 11: > Resource temporarily unavailable
Looking at these messages, it appears as if the kernel is rebuffing pluto's attempts to add an SA. "Invalid Argument" makes me think that either a) the interface has changed (the patch might need updating, or you're using an outdated version of Herbert's patch) or b) the interface doesn't understand IPsec (you're lacking kernel restartsupport) Does naga report any errors upon FreeS/WAN start? Have you compiled in IPsec support statically, or using modules? If the latter, are the modules loading? (esp4, ah4, xfrm_user...) - -- Sam Sgro [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: For the matching public key, finger the Reply-To: address. iQCVAwUBPzkaXUOSC4btEQUtAQEEzAP8D7ARVlCcQ4gr2icUPQ5Jg5SB2Nryj3Ds SNHDwjsLJb708y5FrATkZmMP42cYrVKk6XwH98CJac1HJNqzp3SaM29DBzZ8rqhx sFyWE9ajavrHB3ExsDJEVu1/LsSye0GGqhA8NZI2TyWZSa7rRZUvxo9oFddA7Nk/ SdeYslbjqiM= =HE+M -----END PGP SIGNATURE----- _______________________________________________ FreeS/WAN Users mailing list [EMAIL PROTECTED] https://mj2.freeswan.org/cgi-bin/mj_wwwusr
