Hi,
While trying to establish manual tunnel
using command “ipsec manual –up sample”, I receive
following error message –
“/usr/local/lib/ipsec/spi –label sample: pfkey write
failed, returning –1 with errno=22
Invalid argument, check kernel log messages for
specifics”.
My objective is to skip IKE and establish
a manual tunnel between 2 linux box with freeswan
IPSec running on it.
I am receiving above written error message On machine,
running Redhat Linux 7.2 with kernel 2.4.7-10
and freeswan IPSec 1.97.
I am using following setup –
+-----+ +-----+ +------+ +-----+ +-----+
|Host1|----|IPSec|----|Router|----|IPSec|----|Host2|
+-----+ |Gwy1 | +------+ | Gwy2| +-----+
+-----+ +-----+
Host1 - 172.26.1.2
IPSecGwy1 - 172.26.1.1, 172.46.1.2
Router - 172.46.1.1, 172.30.2.122
IPSecGwy2 - 172.30.2.199, 172.40.1.1
Host2 - 172.40.1.2
I am giving necessary information from ipsec.conf –
# basic configuration
conn sample
# Left security gateway, subnet behind it, next
hop toward right.
#type=transport
type=tunnel
leftsubnet=172.26.0.0/16
left=172.46.1.2
leftnexthop=172.46.1.1
# Right security gateway, subnet behind it, next
hop toward left.
rightsubnet=172.40.0.0/16
right=172.30.2.199
rightnexthop=172.30.2.122
# Manual SPI :
spi=0x320
auto=add
esp=3des-md5-96
Could someone suggest what might be going wrong??
In one of my linux box successfully running
IPSEC,(kernel 2.2.x, freeswan 1.8), at boot time I can
see KLIPS debug information when IPSec comes up.
But in linux box in which IPSec is not working(kernel
2.4.7-10, freeswan 1.97), at boot time, no such
message regarding KLIPS debug comes, when IPSec is
started.
Regards-
Tarun.
__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST