On further review of this the issue seems
to lie in the fact that the tunnel end of the ipsec is running A via padlock chipset. If I replace the
tunnel end with the same config.xml file and a wrap board the tunnel works
perfectly. From: alan walters Enable
yes Interface
(selected public
carp address that I want to use 192.168.5.100) Failover
ip (same address as above
192.168.5.100) Peerip
(used the
carp sync real ip address of the other carp in my array 192.168.10.2) Shared key (used a 16
byte aes key) This end is a mobile client. The other end is the tunnel.
When the tunnel establishes the moble client end shows the SAD correct. But the tunnel end shows the error DEBUG: get pfkey ADD message ERROR: pfkey UPDATE failed: Invaild argument. And there is no SAD at the tunnel end. |