Bug 363521 - TAHI--IPSECv6--SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication, NUT cannot Set SPD entries
Summary: TAHI--IPSECv6--SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication, NU...
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipsec-tools   
(Show other bugs)
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact:
: 468353 (view as bug list)
Depends On:
Blocks: KernelPrio5.3
TreeView+ depends on / blocked
Reported: 2007-11-02 09:12 UTC by Zhiyong Wu
Modified: 2008-10-29 07:34 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-29 18:31:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
test for RHEL5.2-20080430 (8.45 KB, text/html)
2008-05-06 09:37 UTC, shangyanfeng
no flags Details
ps format result (118.85 KB, application/octet-stream)
2008-05-08 04:51 UTC, shangyanfeng
no flags Details

Description Zhiyong Wu 2007-11-02 09:12:13 UTC
Description of problem:

  When having ipsecv6 tests about "SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 

authentication" in the software gateway mode,we found that NUT cannot Set SPD 



Version-Release number of selected component (if applicable):


Software Environment:   
TAHI package:    

How reproducible:
  every time

Steps to Reproduce:    
  1. Configure TAHI test environment.     
  2. Run the TAHI test suite     
  3. After the test completes, check for the results 
Actual results:

   NUT cannot Set SPD entries

Expected results:

   NUT can Set SPD entries

Additional info:
   please refer to 


   (1) 3	6.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1

Comment 1 Zhiyong Wu 2007-11-02 09:19:20 UTC
   Also about it:

   when NUT is set to the host mode,

   pls refer to the url below:


   (1) 3	5.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1

Comment 3 Zhiyong Wu 2008-02-20 09:18:35 UTC
the test case still FAIL On RHEL5.2

for more details, pls refer to 


(1) 3	5.1.2 Select SPD (ICMP Type), ESP=3DES-CBC HMAC-SHA1

Comment 6 shangyanfeng 2008-05-06 09:37:12 UTC
Created attachment 304613 [details]
test for RHEL5.2-20080430

this is IPsec test for RHEL5.2-20080430,also fail

Comment 7 Lawrence Lim 2008-05-07 14:47:37 UTC
Could you confirm whether kernel support this mode?

SGW Tunnel Mode ESP 3DES-CBC with HMAC-SHA1 authentication

Comment 8 Thomas Graf 2008-05-07 15:11:57 UTC
Yes, the kernel supports both algorithms. As you can see in the test log, the
algorithms have been successfully configured, if they weren't supported this
step would fail.

Comment 9 Thomas Graf 2008-05-07 15:20:25 UTC
To me this looks like something is broken in the test scripts. Out of the

Remote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/rhel51//ipsecSetSPD.rmt -t 
eval $main::rOpt_upperspec='icmp6'
upperspec must be one of any|tcp|udp
ipsecSetSPD.rmt [parameters]
src=source address

Comment 10 shangyanfeng 2008-05-08 04:51:56 UTC
Created attachment 304831 [details]
ps format result

test for RHEL5.2-20080430

this is IPsec test for RHEL5.2-20080430,also fail

kernel 2.6.18-92.el5 ipsec-tools-0.6.5-9.el5

convert the result from html format to ps

Comment 12 Thomas Graf 2008-06-13 21:21:36 UTC
According to the logs, this looks like a problem with ipsec-tools, the test
cannot be configured correctly. The algorithm itself is supported by the kernel.

Comment 13 Tomas Mraz 2008-06-13 21:47:49 UTC
What is the command on the tested computer that fails?

Comment 14 Red Hat Bugzilla 2008-07-08 01:24:11 UTC
Adding yshao@redhat.com to the cc list as the manager of the disabled user zwu@redhat.com who reported this bug

Comment 15 Tomas Mraz 2008-07-29 18:31:19 UTC
Without the required information it is not possible to fix the problem. Also
from the attached logs it seems clear that the command which is failing is part
of the testsuite and not the setkey command which is contained in the
ipsec-tools package.

Closing as NOTABUG for now, please reopen if you can provide logs where the
setkey command fails.

Comment 16 Tomas Mraz 2008-10-29 07:34:42 UTC
*** Bug 468353 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.