Re: Re: ipsec broken

2020-12-28 Thread Mao Mei
> that package is maintained in the community feeds, please open an issue
> https://github.com/openwrt/packages/issues
> and use "@stintel" in the maintainer field to ping the maintainer

Thanks for the reply, but I think it's not a strongswan issue but a kernel
issue. It's easy to verify.

# opkg install ip-full kmod-ipsec4
# ip xfrm state add src 192.168.2.100 dst 192.168.1.10 proto esp spi 0x0301 \
    mode tunnel auth sha1 0x96358c90783bbfa3d7b196ceabe0536b \
    enc aes 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


ipsec broken

2020-12-27 Thread Mao Mei
It seems that ipsec has been broken for a long time. See
https://forum.openwrt.org/t/ipsec-has-been-broken-for-a-while/81120

log on mt7621:

12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
12[KNL] got SPI cecfbd68
12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL]   using replay window of 32 packets
12[KNL]   HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL]   using replay window of 0 packets
12[KNL]   HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
12[IKE] failed to establish CHILD_SA, keeping IKE_SA
