<div>Hi,</div>
<div> </div>
<div>I am seeing CHILD_SA failure in the IPv6 case (strongswan-5.0.1, Linux kenerl 2.6.34) due to <font style="BACKGROUND-COLOR:#ffff00">received netlink error: Protocol not supported (93)</font>. I have included the log below.</div>
<div>I have searched the old threads and found [1] which suggests something related to the IPComp. I have never turned this option on, but I then turn it off anyway in the ipsec.conf. This does not help.</div>
<div>I then found another thread [2] and [3] which talked about enabling IPv6 on the linux. My linux box has already enabled the IPv6 and is receiving and sending IKEv2 messages through its IPv6 interface: eth0 (please see the log below).</div>
<div> </div>
<div>Is there still something missing in my kernel which I need to build in or turn on?</div>
<div>Thank you!</div>
<div> </div>
<div>Robert</div>
<div> </div>
<div>email threads:</div>
<div>[1]: <a href="http://wiki.strongswan.org/issues/183" target="_blank">http://wiki.strongswan.org/issues/183</a></div>
<div>[2]: <a href="https://lists.strongswan.org/pipermail/users/2008-November/002915.html" target="_blank">https://lists.strongswan.org/pipermail/users/2008-November/002915.html</a></div>
<div>[3]: <a href="https://lists.strongswan.org/pipermail/users/2008-October/002782.html" target="_blank">https://lists.strongswan.org/pipermail/users/2008-October/002782.html</a></div>
<div> </div>
<div> </div>
<div>server log:</div>
<div>charon: 00[KNL] detected Linux 2.6.34, no support for RTA_PREFSRC for IPv6 routes <font style="BACKGROUND-COLOR:#33cc00"><--- not sure if this is also an error?</font></div>
<div>........</div>
<div>charon: 13[NET] received packet: from 2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500] to 2002:c023:9c17:2c0::a2a:7064[4500]<br>charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR6 DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]</div>
<div>........<br>charon: 13[KNL] adding SAD entry with SPI c9e5baf2 and reqid {1} (mark 0/0x00000000)<br>charon: 13[KNL] using encryption algorithm AES_CBC with key size 128<br>charon: 13[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 <br>
charon: 13[KNL] using replay window of 32 packets <br>charon: 13[KNL] <font style="BACKGROUND-COLOR:#ffff00">received netlink error: Protocol not supported (93)</font> <br>charon: 13[KNL] unable to add SAD entry with SPI c9e5baf2 <br>
charon: 13[KNL] adding SAD entry with SPI c85caae7 and reqid {1} (mark 0/0x00000000) <br>charon: 13[KNL] using encryption algorithm AES_CBC with key size 128 <br>charon: 13[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 <br>
charon: 13[KNL] using replay window of 32 packets <br>charon: 13[KNL] received netlink error: Protocol not supported (93) <br>charon: 13[KNL] unable to add SAD entry with SPI c85caae7 <br>charon: 13[IKE] <font style="BACKGROUND-COLOR:#ffff00">unable to install inbound and outbound IPsec SA (SAD) in kernel <br>
</font>charon: 13[IKE] failed to establish CHILD_SA, keeping IKE_SA <br>charon: 13[KNL] deleting SAD entry with SPI c9e5baf2 (mark 0/0x00000000) <br>charon: 13[KNL] deleted SAD entry with SPI c9e5baf2 (mark 0/0x00000000) <br>
charon: 13[KNL] deleting SAD entry with SPI c85caae7 (mark 0/0x00000000) <br>charon: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH CP(ADDR6 DNS DNS6 DHCP DHCP6) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(NO_PROP) ]<br>
charon: 13[NET] sending packet: from 2002:c023:9c17:2c0::a2a:7064[4500] to 2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500]</div>