Modify

Opened 8 years ago

Closed 6 years ago

#7431 closed defect (fixed)

ipsec-tools on AR71xx is broken

Reported by: porter.adam@… Owned by: nico
Priority: response-needed Milestone: Backfire 10.03.1
Component: packages Version: Trunk
Keywords: Cc:

Description

I have two routers, one RDC platform running kamikaze 8.09.2 with kernel 2.6.24.7, and an AR71xx router running backfire with kernel 2.6.32.10. Both routers are using the same exact version of ipsec-tools (0.7.3) with the same exact configuration files. On RDC, the tunnels come up and traffic is passed. On AR71xx, IKE negotiation succeeds, but the tunnels do not come up and racoon throws the following errors:

2010-06-03 07:05:40: ERROR: pfkey UPDATE failed: No such file or directory
2010-06-03 07:05:40: ERROR: pfkey ADD failed: No such file or directory

I have tried ipsec-tools 0.7 to 0.8-20090903 and have had the same results.

I have successfully created ipsec tunnels on AR71xx using strongSwan.

Attachments (0)

Change History (9)

comment:1 in reply to: ↑ description Changed 8 years ago by thenighthawk@…

I also have the DIR-825 (AR71xx) and it sounds like you're getting further than I am (I also cannot connect)... I've had to make some modifications along the way with racoonctl files to get (what wasn't working)... perhaps we can compare notes

comment:2 Changed 8 years ago by thenighthawk@…

See this ticket:
/ticket/7164.html

comment:3 follow-up: Changed 7 years ago by nextgens

you need to insmod authenc from the kmod-crypto-authenc package

see http://marc.info/?l=ipsec-tools-devel&m=125447505913863&w=2

Would be much easier if the dependencies of ipsec-tools were set right :/

comment:4 Changed 7 years ago by nico

  • Owner changed from developers to nico
  • Status changed from new to accepted

comment:5 in reply to: ↑ 3 Changed 7 years ago by sbingner

Replying to nextgens:

you need to insmod authenc from the kmod-crypto-authenc package

see http://marc.info/?l=ipsec-tools-devel&m=125447505913863&w=2

Would be much easier if the dependencies of ipsec-tools were set right :/

That link seems to apply to "Protocol Not Supported" errors -- has anybody found a workaround for the issue this ticket is in reference to? ("pfkey UPDATE/ADD failed: No such file or directory")

I've been beating my head against this for two days, and I can't figure out what directory or file it is looking for. Nothing from strace, etc... /var/racoon had to be created for the socket but that didn't help with this.

comment:6 Changed 7 years ago by arokh <trondah@…>

@sbingner

Inserting kmod-crypto-authenc solved the "pfkey UPDATE/ADD failed: No such file or directory" issue for me.

comment:7 Changed 7 years ago by jow

  • Priority changed from normal to response-needed

So whats the status here? Missing dependencies? Dependencies there but in wrong order?

comment:8 Changed 7 years ago by arokh <trondah@…>

Works fine here after authenc is loaded. Tested with 0.8.0 as well.

comment:9 Changed 6 years ago by nico

  • Resolution set to fixed
  • Status changed from accepted to closed

Fixed in [28515], thanks !

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.