[strongSwan] IPV6 'connection' bug? (in 4.3.3 with linux 2.6.21)

Wed, 24 Mar 2010 08:45:45 -0700 

Hi,
I'm getting the following errors on my linux 2.6.21 based using 
strongswan 4.3.3 version:
Any Help would be appreciated! (The host that I'm communicating with has 
2.6.27 and it has no problem)

I configured/checked all required IPV6 kernel protocols in linux 2.6.21 
as defined in the installation document url also.

eCCM-root-/etc> ipsec up enb12v6
initiating IKE_SA enb12v6[1] to fd00::410:172:21:10:181
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from fd00::410:172:21:10:12[500] to fd00::410:172:21:10:181[500]
received packet: from fd00::410:172:21:10:181[500] to 
fd00::410:172:21:10:12[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) 
]
authentication of 'fd00::410:172:21:10:12' (myself) with pre-shared key
establishing CHILD_SA enb12v6
generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(MULT_AUTH) ]
sending packet: from fd00::410:172:21:10:12[500] to fd00::410:172:21:10:181[500]
received packet: from fd00::410:172:21:10:181[500] to 
fd00::410:172:21:10:12[500]
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
authentication of 'fd00::410:172:21:10:181' with pre-shared key successful
scheduling rekeying in 50s
maximum IKE_SA lifetime 370s
IKE_SA enb12v6[1] established between 
fd00::410:172:21:10:12[fd00::410:172:21:10:12]...fd00::410:172:21:10:181[fd00::410:172:21:10:181]
received netlink error: Protocol not supported (93)
unable to add SAD entry with SPI c05a60aa
received netlink error: Protocol not supported (93)
unable to add SAD entry with SPI c48cd085
unable to install inbound and outbound IPsec SA (SAD) in kernel


The ipsec.conf has the following entries:

config setup
        plutostart=no

conn %default
        auth=esp
        dpdaction=restart
        dpddelay=50s
        esp=aes128-sha1-modp1024,3des-sha1-modp1024
        forceencaps=no
        ike=aes128-sha-modp1024,3des-sha-modp1024
        ikelifetime=500s
        installpolicy=yes
        keyexchange=ikev2
        keyingtries=%forever
        keylife=400s
        mobike=no
        pfs=yes
        reauth=no
        rekey=yes
        rekeymargin=320s
        type=tunnel
        leftauth=psk
        rightauth=psk

config setup
        plutostart=no

conn %default
        auth=esp
        dpdaction=restart
        dpddelay=50s
        esp=aes128-sha1-modp1024,3des-sha1-modp1024
        forceencaps=no
        ike=aes128-sha-modp1024,3des-sha-modp1024
        ikelifetime=500s
        installpolicy=yes
        keyexchange=ikev2
        keyingtries=%forever
        keylife=400s
        mobike=no
        pfs=yes
        reauth=no
        rekey=yes
        rekeymargin=320s
        type=tunnel
        leftauth=psk
        rightauth=psk

conn enb12v4
        left=135.112.41.22
        right=135.112.40.181
        auto=add
conn enb12v6
        left=fd00:0000:0000:410:172:21:10:12
        #leftsourceip=fd00:0000:0000:410:172:21:10:12
        leftsubnet=fd00::12/64
        right=fd00:0000:0000:410:172:21:10:181
        rightsubnet=fd00::181/64
        auto=add

conn enb12v6
        left=fd00:0000:0000:410:172:21:10:12
        #leftsourceip=fd00:0000:0000:410:172:21:10:12
        leftsubnet=fd00::12/64
        right=fd00:0000:0000:410:172:21:10:181
        rightsubnet=fd00::181/64

        auto=add






_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to