Hi Everyone,<br><br>I have a working site-to-site connection with strongswan 5.0.1 loaded on both vpn peers. But when I set "compress = yes", ipsec SA get established but I can't pass traffic through the tunnel. I think I have enabled the required kernel modules. I appreciate any tips to resolve this issue. <br>
<br>Below are the logs from one of the vpn peers.<br><br>======<br>2013-02-12 13:30:27.169 [ngfw] [CHARON-INFO:] "09[IKE] initiating Main Mode IKE_SA site2site[1] to 172.16.20.3"<br>2013-02-12 13:30:27.169 [ngfw] [CHARON-INFO:] "09[IKE] initiating Main Mode IKE_SA site2site[1] to 172.16.20.3"<br>
2013-02-12 13:30:27.169 [ngfw] [CHARON-INFO:] "09[ENC] generating ID_PROT request 0 [ SA V V V ]"<br>2013-02-12 13:30:27.169 [ngfw] [CHARON-INFO:] "09[NET] sending packet: from 172.16.20.2[500] to 172.16.20.3[500]"<br>
2013-02-12 13:30:27.182 [ngfw] [CHARON-INFO:] "08[NET] received packet: from 172.16.20.3[500] to 172.16.20.2[500]"<br>2013-02-12 13:30:27.182 [ngfw] [CHARON-INFO:] "08[ENC] parsed ID_PROT response 0 [ SA V V V ]"<br>
2013-02-12 13:30:27.182 [ngfw] [CHARON-INFO:] "08[IKE] received XAuth vendor ID"<br>2013-02-12 13:30:27.182 [ngfw] [CHARON-INFO:] "08[IKE] received NAT-T (RFC 3947) vendor ID"<br>2013-02-12 13:30:27.182 [ngfw] [CHARON-INFO:] "08[IKE] received DPD vendor ID"<br>
2013-02-12 13:30:27.185 [ngfw] [CHARON-INFO:] "08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]"<br>2013-02-12 13:30:27.185 [ngfw] [CHARON-INFO:] "08[NET] sending packet: from 172.16.20.2[500] to 172.16.20.3[500]"<br>
2013-02-12 13:30:27.203 [ngfw] [CHARON-INFO:] "11[NET] received packet: from 172.16.20.3[500] to 172.16.20.2[500]"<br>2013-02-12 13:30:27.203 [ngfw] [CHARON-INFO:] "11[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]"<br>
2013-02-12 13:30:27.206 [ngfw] [CHARON-INFO:] "11[ENC] generating ID_PROT request 0 [ ID HASH ]"<br>2013-02-12 13:30:27.206 [ngfw] [CHARON-INFO:] "11[NET] sending packet: from 172.16.20.2[500] to 172.16.20.3[500]"<br>
2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[NET] received packet: from 172.16.20.3[500] to 172.16.20.2[500]"<br>2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[ENC] parsed ID_PROT response 0 [ ID HASH ]"<br>
2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[IKE] IKE_SA site2site[1] established between 172.16.20.2[172.16.20.2]...172.16.20.3[172.16.20.3]"<br>2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[IKE] IKE_SA site2site[1] established between 172.16.20.2[172.16.20.2]...172.16.20.3[172.16.20.3]"<br>
2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[IKE] scheduling rekeying in 85524s"<br>2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[IKE] maximum IKE_SA lifetime 86124s"<br>2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[ENC] generating QUICK_MODE request 2703472901 [ HASH SA No ID ID ]"<br>
2013-02-12 13:30:27.212 [ngfw] [CHARON-INFO:] "12[NET] sending packet: from 172.16.20.2[500] to 172.16.20.3[500]"<br>2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[NET] received packet: from 172.16.20.3[500] to 172.16.20.2[500]"<br>
2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[ENC] parsed QUICK_MODE response 2703472901 [ HASH SA No ID ID ]"<br><b>2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[KNL] received netlink error: Protocol not supported (93)"<br>
2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[KNL] unable to add SAD entry with SPI 0000e270"<br>2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[KNL] received netlink error: Protocol not supported (93)"<br>
2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[KNL] unable to add SAD entry with SPI 0000410b"</b><br>2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[IKE] CHILD_SA site2site{1} established with SPIs cf64ee81_i c2eaaade_o and TS <a href="http://172.16.40.0/24">172.16.40.0/24</a> === <a href="http://172.16.50.0/24">172.16.50.0/24</a> "<br>
2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[IKE] CHILD_SA site2site{1} established with SPIs cf64ee81_i c2eaaade_o and TS <a href="http://172.16.40.0/24">172.16.40.0/24</a> === <a href="http://172.16.50.0/24">172.16.50.0/24</a> "<br>
2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[ENC] generating QUICK_MODE request 2703472901 [ HASH ]"<br>2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[NET] sending packet: from 172.16.20.2[500] to 172.16.20.3[500]"<br>
<br>Thanks!<br>Jordan.<br>