Description of problem: When having ipsecv6 tests about "SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication" in the software gateway mode,we found that NUT cannot Set SPD entries. scenarios. Version-Release number of selected component (if applicable): kernel-2.6.18-43.el5 Software Environment: Testee(NUT): RHEL5 Kernel:2.6.18-43.el5 Tester(TN): FreeBSD6.2 v6eval-3.0.12.tar.gz TAHI package: IPsec_Self_Test_P2_1-1-1.tar.gz How reproducible: every time Steps to Reproduce: 1. Configure TAHI test environment. 2. Run the TAHI test suite 3. After the test completes, check for the results Actual results: NUT cannot Set SPD entries Expected results: NUT can Set SPD entries Additional info: please refer to http://focus.brisbane.redhat.com/~zwu/ipsec_sgw/20071022/IPsec_Self_Test_P2_1-1-1_sgw/ipsec.p2/index.html (1) 3 6.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1
Also about it: when NUT is set to the host mode, pls refer to the url below: http://focus.brisbane.redhat.com/~zwu/ipsec_endnode/20071028/IPsec_Self_Test_P2_1-1-1_end_node/ipsec.p2/index.html (1) 3 5.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1
the test case still FAIL On RHEL5.2 for more details, pls refer to http://focus.brisbane.redhat.com/~zwu/RHEL5.2-Server-20080212.0/20080220/IPsec_Self_Test_P2_1-1-2_end_node/ipsec.p2/index.html (1) 3 5.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1
Created attachment 304613 [details] test for RHEL5.2-20080430 this is IPsec test for RHEL5.2-20080430,also fail
Thomas, Could you confirm whether kernel support this mode? SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication
Yes, the kernel supports both algorithms. As you can see in the test log, the algorithms have been successfully configured, if they weren't supported this step would fail.
To me this looks like something is broken in the test scripts. Out of the logs: Remote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t [...] eval $main::rOpt_upperspec='icmp6' [...] Connected upperspec must be one of any|tcp|udp ipsecSetSPD.rmt [parameters] parameters: src=source address [...]
Created attachment 304831 [details] ps format result test for RHEL5.2-20080430 this is IPsec test for RHEL5.2-20080430,also fail kernel 2.6.18-92.el5 ipsec-tools-0.6.5-9.el5 convert the result from html format to ps
According to the logs, this looks like a problem with ipsec-tools, the test cannot be configured correctly. The algorithm itself is supported by the kernel.
What is the command on the tested computer that fails?
Adding yshao to the cc list as the manager of the disabled user zwu who reported this bug
Without the required information it is not possible to fix the problem. Also from the attached logs it seems clear that the command which is failing is part of the testsuite and not the setkey command which is contained in the ipsec-tools package. Closing as NOTABUG for now, please reopen if you can provide logs where the setkey command fails.
*** Bug 468353 has been marked as a duplicate of this bug. ***