On 20.04.2010 12:11, shyamsundar.purkayas...@wipro.com wrote:
>> But I have a new error when I try to bring up my configuration
>>
>> [r...@localhost ~]# ipsec up 211TO60Tunnel
>> initiating IKE_SA 211TO60Tunnel[3] to 10.201.114.178
>> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>> sending packet: from 10.201.114.211[500] to 10.201.114.178[500]
>> received packet: from 10.201.114.178[500] to 10.201.114.211[500]
>> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
>> CERTREQ N(MULT_AUTH) ]
>> received cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
>> sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
>> authentication of 'C=CH, O=strongSwan, CN=211' (myself) with RSA
>> signature successful
>> sending end entity cert "C=CH, O=strongSwan, CN=211"
>> establishing CHILD_SA 211TO60Tunnel
>> unable to allocate SPIs from kernel
>>
> Some IPsec-relevant module (most probably xfrm_user) seems to be
> missing in your Linux kernel. The following link shows which
> kernel modules must be enabled:
>
> http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

Thanks for the info. BTW after commenting the load statement in the
strongswan.conf file I was able to set up the connection and it worked.
So it seems the default load works for me.

Thanks for taking time to respond to my issues.  

Regards
Shyam

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] 
Sent: Tuesday, April 20, 2010 6:43 PM
To: Shyamsundar Purkayastha (WT01 - Telecom Equipment)
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] Trying a basic peer to peer ipsec setup with
strongswan and is failing due to some key related issue

On 20.04.2010 12:11, shyamsundar.purkayas...@wipro.com wrote:
> But I have a new error when I try to bring up my configuration
>
> [r...@localhost ~]# ipsec up 211TO60Tunnel
> initiating IKE_SA 211TO60Tunnel[3] to 10.201.114.178
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 10.201.114.211[500] to 10.201.114.178[500]
> received packet: from 10.201.114.178[500] to 10.201.114.211[500]
> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
> CERTREQ N(MULT_AUTH) ]
> received cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
> sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
> authentication of 'C=CH, O=strongSwan, CN=211' (myself) with RSA
> signature successful
> sending end entity cert "C=CH, O=strongSwan, CN=211"
> establishing CHILD_SA 211TO60Tunnel
> unable to allocate SPIs from kernel
>
Some IPsec-relevant module (most probably xfrm_user) seems to be
missing in your Linux kernel. The following link shows which
kernel modules must be enabled:

http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

> What could be the reason for this "unable to allocate SPIs from kernel"
> error.
>
> Also, any idea why the openssl generated keys wouldn't work? I used the
> latest openssl-1.0.0 version.
>
I cannot tell since I haven't used openssl-1.0.0 yet but I would be
very much surprised if anything would have changed in the output format.
I'm generating all my certificates with openssl-0.9.8.

> Regards
> Shyam
>

Regards

Andreas

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
