Ubuntu IPSec

March 25th, 2007

I'm setting up IPsec on Ubuntu:

apt-get install racoon

Ran into problems:

Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:  racoon
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 342kB of archives.
After unpacking 1053kB of additional disk space will be used.
Get:1 dapper/main racoon 1:0.6.5-4ubuntu1 [342kB]
Fetched 342kB in 1s (238kB/s)
Preconfiguring packages ...
Selecting previously deselected package racoon.(Reading database ... 17951 files and directories currently installed.)
Unpacking racoon (from .../racoon_1%3a0.6.5-4ubuntu1_amd64.deb) ...
Setting up racoon (0.6.5-4ubuntu1) ...
Generating /etc/default/racoon...
Loading IPSEC/crypto modules...
insmod: error inserting '/lib/modules/': -1 Unknown symbol in module
insmod: error inserting '/lib/modules/': -1 Unknown symbol in module
IPSEC/crypto modules loaded.
Starting IKE (ISAKMP/Oakley) server: racoon: failed to parse configuration file.
racoon-tool: racoon did not start.
invoke-rc.d: initscript racoon, action "start" failed.
dpkg: error processing racoon (--configure): subprocess post-installation script returned error exit status 255
Errors were encountered while processing: racoon
E: Sub-process /usr/bin/dpkg returned an error code (1)
apt-get remove racoon
modprobe crc32c
modprobe ipcomp6
apt-get install racoon

Same thing, maybe the errors are OK?

Is this the problem from syslog?

racoon: ERROR: glob found no matches for path

This page translated, Breezy + IPSec Tools, suggests loading:

modprobe xfrm6_tunnel

and it worked!

/etc/init.d/racoon start
Loading IPSEC/crypto modules...
IPSEC/crypto modules loaded.
Starting IKE (ISAKMP/Oakley) server: racoon: failed to parse configuration file.
Flushing SAD and SPD...
SAD and SPD flushed.
Loading SAD and SPD...
SAD and SPD loaded.
Configuring racoon...done.

Still not working, now getting this error in syslog:

racoon: ERROR: couldn't find configuration. 

Increasing verbosity:

get pfkey X_SPDDUMP message
pfkey X_SPDDUMP failed: No such file or directory

Hmmm, what is pfkey? Restarted setkey and it's good, then had some mismatched encryption settings. Now this:

racoon: ERROR: couldn't find the pskey

Hmmm. Got that working - you really have to make sure all the settings match up on both sides. The SA gets established, but I can't ping one box from the other, though packets are getting through (as seen via tcpdump). The issue now must be something to do with iptables, routing, or something similar.

Argh. I just couldn't get this working, but I did learn a lot about IPsec on Ubuntu / Debian. I need to test it out on another server to make sure the problems I was having aren't isolated.
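
One way to check that the settings match up on both sides, as an added example that is not part of the original post: it compares the phase 1 and phase 2 directives of two racoon.conf files and looks up a peer's entry in psk.txt. The sample configs, addresses and function names are constructed for illustration, and it assumes one remote and one sainfo block per file.

```python
import re

# Real racoon.conf directives that must agree on both peers.
PHASE1 = ("exchange_mode", "encryption_algorithm", "hash_algorithm",
          "authentication_method", "dh_group")
PHASE2 = ("pfs_group", "encryption_algorithm", "authentication_algorithm",
          "compression_algorithm")

def parse_racoon(text):
    """Collect directive -> value for the remote{} and sainfo{} blocks."""
    text = re.sub(r"#.*", "", text)                 # drop comments
    out, stack = {"remote": {}, "sainfo": {}}, []
    for body, delim in re.findall(r"([^{};]*)([{};])", text):
        words = body.split()
        if delim == "{":
            stack.append(words[0] if words else "")  # remote / proposal / sainfo
        elif delim == "}":
            if stack:
                stack.pop()
        elif words and stack and stack[0] in out:    # directive inside a block
            out[stack[0]][words[0]] = " ".join(words[1:])
    return out

def mismatches(conf_a, conf_b):
    """List (section, directive, value_a, value_b) where the peers differ."""
    a, b = parse_racoon(conf_a), parse_racoon(conf_b)
    return [(sec, key, a[sec].get(key), b[sec].get(key))
            for sec, keys in (("remote", PHASE1), ("sainfo", PHASE2))
            for key in keys if a[sec].get(key) != b[sec].get(key)]

def psk_for(psk_text, peer):
    """Return the key psk.txt holds for a peer address, or None if absent."""
    for line in psk_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == peer:
            return fields[1].strip()
    return None

# Constructed sample configs (documentation addresses, not from the post).
TEMPLATE = """remote %s { exchange_mode main;
  proposal { encryption_algorithm %s; hash_algorithm sha1;
             authentication_method pre_shared_key; dh_group 2; } }
sainfo anonymous { pfs_group 2; encryption_algorithm 3des;
  authentication_algorithm hmac_sha1; compression_algorithm deflate; }"""
CONF_A = TEMPLATE % ("192.0.2.2", "3des")
CONF_B = TEMPLATE % ("192.0.2.1", "aes")

if __name__ == "__main__":
    for sec, key, va, vb in mismatches(CONF_A, CONF_B):
        print("%s/%s: A=%s B=%s" % (sec, key, va, vb))
```

Each side's psk.txt needs an entry keyed by the other side's address, and psk_for should return the same key on both.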
