Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 182245

Summary: compression algorithm support issue
Product: Red Hat Enterprise Linux 3 Reporter: Benoit Rovera <benoit.rovera>
Component: ipsec-toolsAssignee: Steve Conklin <sconklin>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-19 18:47:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Benoit Rovera 2006-02-21 12:47:36 UTC 
Description of problem:

Hi,

I get the following log messages when i restart the racoon daemon:

pfkey.c:2311:pk_checkalg(): compression algorithm can not be checked
because sadb message doesn't support it.
sainfo.c:99:getsainfo(): anonymous sainfo selected.

Due to this issue i'm not able to define specific parameters for phase 2
using the sainfo statement (the sainfo anonymous is used in any case).
So I'm not able to specify lifetime and pfs group per connection for
phase 2.
Each time i add a new ipsec connection i have to ask the other party to
match with the defaults parameters provided in the sainfo anonymous
statement which can be an issue for the other party.

I run ipsec-tools for a while on several RedHat ES 3 running a kernel
2.4.21. I have updated the kernel to the latest 2.4 version.
For information the Redhat ES 2.4 kernel has the ipsec support built in
the kernel as a 2.6 kernel.
The ipsec-tools version i'm currently using is: ipsec-tools-0.2.5-0.7
(latest package provided by RedHat). I have also tried to use the latest
stable version of ipsec-tools and i experience the same issue.
ipcomp is compiled as a module. I have tried to load this module
manually and it does not change anything.

Thanks in advance for your help.

Best regards,

Benoit

Version-Release number of selected component (if applicable):
ipsec-tools-0.2.5-0.7
kernel 2.4.21-37.EL

How reproducible:
Always

Steps to Reproduce:
1. restart racoon
  
Actual results:
sainfo anonymous selected

Expected results:
specific sainfo selected

Additional info:
None
Comment 1 Red Hat Bugzilla 2007-07-20 00:43:07 UTC 
change the owner of ipsec-tools
Comment 2 RHEL Program Management 2007-10-19 18:47:07 UTC 
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.