# ipsec setup start returns - eroute: pfkey write failed

## saglyphe

After a bit of searching, I am still stuck on trying to get FreeS/wan running on my Dell Inspiron 600m laptop

The other end of the connection will be one of three Cisco VPN servers, but given the error that I am having, I suspect that is not related.

While my laptop is usually behind a Netgear Cable router gateway, but I have tested it from other locations without any change in the result.  So, I am reasonably certain the problem is internal to my machine.

So far I have tried net-misc/freeswan v1.99 and more recently v2.03.  I have also rebuilt my kernel a few times changing the options that seemed relevant.  None of this has changed the result.

I assume I must be missing something, but in all my searches on ipsec, eroute, freeswan, and cisco in various combinations have not helped.

I have listed the command (and its results) along with links to other relevant information which would be too large to include directly.

```
root$ ipsec setup start

 * Starting IPSEC ......

ipsec_setup: Starting FreeS/WAN IPsec U2.03/Ksuper-freeswan-1.99.7rc2...

ipsec_setup: /usr/libexec/ipsec/eroute: pfkey write failed, returning -1 with errno=22.

ipsec_setup: Invalid argument, check kernel log messages for specifics.
```

Output from ipsec barf (registered IP addresses changed to ???.???.???.x) ipsec barf output

Relivant portion of kernel log Kernel Log

Configuration file for kernel config-2.4.20-gentoo-r8

Any suggestions on how I might correct this problem would be appreciated.

Thanks,

Norm Sager

----------

## ThorstenHirsch

I've got the same problem with freeswan 2.04.

```
 * Starting IPSEC ......

ipsec_setup: Starting FreeS/WAN IPsec U2.04/Ksuper-freeswan-1.99.7rc2...

ipsec_setup: /usr/libexec/ipsec/eroute: pfkey write failed, returning -1 with errno=22.

ipsec_setup: Invalid argument, check kernel log messages for specifics.   [ ok ]
```

And I cannot set up a secure connection to another computer. FreeS/WAN hangs when initiating stage 2  :Sad: 

----------

## saglyphe

A couple of days ago, I decided to unmerge freeswan and instead merge super-freeswan which seems to have gotten me past this particular problem.  I still have not managed to establish a vpn connection successfully.

I also remember merging host, but I don't remember if its presence had any impact on the problems I have been having with freeswan.

----------

## ThorstenHirsch

SuperFreeS/WAN looks even worse:

```
# /etc/init.d/ipsec start

ipsec_setup: Starting FreeS/WAN IPsec Usuper-freeswan-1.99_kb4/Ksuper-freeswan-1.99.7rc2...

ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `klipsdebug' (`ipsec --help' for list)

ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `eroute' (`ipsec --help' for list)

ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `spi' (`ipsec --help' for list)

ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `tncfg' (`ipsec --help' for list)

ipsec_setup: SIOCSIFFLAGS: No such device
```

and the output of ipsec auto --up whatever:

```
/usr/sbin/ipsec: unknown IPsec command `whack' (`ipsec --help' for list)
```

----------

## saglyphe

Hmm.  I know I hit that issue.  I will post again when I remember how I solved it.  I remember rebuilding the kernel, but I don't think that had an effect - I believe it was a configuration file left over somewhere (sorry working on so many issues currently they have gotten a little scrambled).

----------

## ThorstenHirsch

I've got the answer!

Ken B. in #freeswan on irc.freenode.org told me that I've got 2.04 userland tools and 1.99.x kernel modules, which is true. And he said, that this doesn't work, so I'm downgrading now to 1.99 as long as gentoo-sources are coming with 1.99.x kernel module.

----------

## isnsspc

I have exactly the same problem I wondered if you managed to fix it ?

Simon

----------

