[Openswan Users] Using 1DES :(
Paul Wouters
paul at xelerance.com
Fri Sep 2 16:55:27 CEST 2005
On Fri, 2 Sep 2005, Rajkumar S wrote:
>>> I am on Debian, is it okay if I just grab the source and compile ?
>>
>>
>> Of course.
>
> I had complied openswan-2.4.0rc4 with just USE_WEAKSTUFF?=true using gcc-3.3
> for kernel 2.4.21. When I tried to start ipsec with the command "ipsec auto
> --up sample" I got the message
>
> 003 "sample": requested kernel enc ealg_id=2 not present
> 034 "sample": can not initiate: no acceptable kernel algorithms loaded
Does you Debian kernel not have cryptoapi support for 1DES? I guess they
backported the NETKEY code? Or if you use KLIPS, disable the cryptoapi
klips option and use klips' own DES routines that include 1DES.
> Sep 2 17:02:35 localhost ipsec_setup: Starting Openswan IPsec 2.4.0rc4...
> Sep 2 17:02:46 localhost ipsec__plutorun: /usr/local/lib/ipsec/_plutorun:
> line
> 1: 4784 Segmentation fault /usr/local/libexec/ipsec/pluto --nofork
Can you add dumpdir=/tmp to config setup, crash pluto again and run gdb
on the core file in /tmp ? This might be a new crasher we have not seen
before.
Paul
More information about the Users
mailing list