Hi guys,

just thought I'd share my experience of last several days.

Had to change the external nic on the gateway box from standard pci device, to a
usb nic. turned the machine on, everything goes as planned, but no ipsec tunnels
go up.


Spent couple of days solving the f*^&king problem, tried different kernels
(2.6.9-2.6.11) and ipsec-tools versions, thought I was going mental.

Only to to find out that my USB Netgear FA-120 would not "work with ipsec".


for some reason, kernel can no create SAs.
Even if you set the tunnels manually, it is still a no go.


The logs are full of:

2005-03-07 15:17:20: ERROR: phase2 negotiation failed due to time up waiting for
phase1. ESP xxx.xxx.xxx.bbb->xxx.xxx.xxx.aaa
2005-03-07 15:17:20: INFO: delete phase 2 handler.
2005-03-07 15:17:24: ERROR: can't start the quick mode, there is no valid
ISAKMP-SA, 530bc0362f36f1ed:9673792c0daa890f



Anyone has any suggestions of why this was happening?

I can post more info if developers are interested.


--
Respectfully,
Konstantin V. Gavrilenko

Arhont Ltd - Information Security

web:    http://www.arhont.com
http://www.wi-foo.com
e-mail: k.gavrilenko@arho...

tel: +44 (0) 870 44 31337
fax: +44 (0) 117 969 0141

PGP: Key ID - 0x4F3608F7
PGP: Server - keyserver.pgp.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/