From: Patrick McHardy <kaber@trash.net>
To: Marco Berizzi <pupilla@hotmail.com>
Cc: netdev@vger.kernel.org
Subject: Re: 2.6.25-rc8 regression with openswan
Date: Thu, 03 Apr 2008 14:06:11 +0200 [thread overview]
Message-ID: <47F4C833.1020607@trash.net> (raw)
In-Reply-To: <BAY103-DAV6A19A7FE52B2CD3AD1B0EB2F70@phx.gbl>
Marco Berizzi wrote:
> Patrick McHardy wrote:
>
>>> openswan 2.4.12 doesn't work anymore
>>> with 2.6.25-rc8: quick mode is failing
>>> with this error:
>>>
>>> ERROR: netlink response for Add SA esp.8a56fa21@1.1.1.1 included
> errno
>>> 93: Protocol not supported
>>>
>>> I have tried both with des3 and aes but
>>> I get always the same error.
>> What does your policy look like?
>
> Here is output from ip -s x s and ip -s x p
>
> root@Calimero:/var/log# ip -s x s
> src 85.36.106.213 dst 85.36.106.210
> proto esp spi 0xabbf0fe3(2881425379) reqid 16401(0x00004011)
> mode tunnel
> replay-window 0 seq 0x00000000 flag (0x00000000)
> sel src 85.36.106.213/32 dst 85.36.106.210/32 uid 0
> lifetime config:
> limit: soft (INF)(bytes), hard (INF)(bytes)
> limit: soft (INF)(packets), hard (INF)(packets)
> expire add: soft 0(sec), hard 30(sec)
> expire use: soft 0(sec), hard 0(sec)
> lifetime current:
> 0(bytes), 0(packets)
> add 2008-04-03 13:48:46 use -
> stats:
> replay-window 0 replay 0 failed 0
>
> root@Calimero:/var/log# ip -s x p
> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
> dir in action allow index 755 priority 0 share any flag
> (0x00000000)
I'm not seeing any policies that actually specify IPsec. I'm
guessing that is something openswan-specific. Anyway, there
haven't been much patches in this area since -rc4, does
reverting commit df9dcb458 help?
next prev parent reply other threads:[~2008-04-03 12:06 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-03 9:42 2.6.25-rc8 regression with openswan Marco Berizzi
2008-04-03 10:01 ` Marco Berizzi
2008-04-03 11:19 ` Patrick McHardy
2008-04-03 11:50 ` Marco Berizzi
2008-04-03 12:06 ` Patrick McHardy [this message]
2008-04-03 12:31 ` Marco Berizzi
2008-04-03 12:35 ` Patrick McHardy
2008-04-03 13:52 ` Patrick McHardy
2008-04-03 14:06 ` Marco Berizzi
2008-04-03 14:36 ` Patrick McHardy
2008-04-08 19:08 ` Patrick McHardy
2008-04-09 15:38 ` [XFRM]: xfrm_user: fix selector family initialization Patrick McHardy
2008-04-09 22:09 ` David Miller
2008-04-10 0:11 ` Kazunori MIYAZAWA
2008-04-10 0:18 ` Patrick McHardy
2008-04-10 0:50 ` Kazunori MIYAZAWA
2008-04-10 0:55 ` Patrick McHardy
2008-04-14 7:33 ` Marco Berizzi
2008-04-14 7:36 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47F4C833.1020607@trash.net \
--to=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=pupilla@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.