Description of problem:
I get the following log messages when i restart the racoon daemon:
pfkey.c:2311:pk_checkalg(): compression algorithm can not be checked
because sadb message doesn't support it.
sainfo.c:99:getsainfo(): anonymous sainfo selected.
Due to this issue i'm not able to define specific parameters for phase 2
using the sainfo statement (the sainfo anonymous is used in any case).
So I'm not able to specify lifetime and pfs group per connection for
Each time i add a new ipsec connection i have to ask the other party to
match with the defaults parameters provided in the sainfo anonymous
statement which can be an issue for the other party.
I run ipsec-tools for a while on several RedHat ES 3 running a kernel
2.4.21. I have updated the kernel to the latest 2.4 version.
For information the Redhat ES 2.4 kernel has the ipsec support built in
the kernel as a 2.6 kernel.
The ipsec-tools version i'm currently using is: ipsec-tools-0.2.5-0.7
(latest package provided by RedHat). I have also tried to use the latest
stable version of ipsec-tools and i experience the same issue.
ipcomp is compiled as a module. I have tried to load this module
manually and it does not change anything.
Thanks in advance for your help.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. restart racoon
sainfo anonymous selected
specific sainfo selected
change the owner of ipsec-tools
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.