<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Hi Noel.
<div class=""><br class="">
</div>
<div class="">Thanks for the response.</div>
<div class=""><br class="">
</div>
<div class="">If you read further, you will see retry and success. I copied and pasted message from failure to success here.</div>
<div class=""><br class="">
</div>
<div class="">See the end of log.</div>
<div class=""><br class="">
</div>
<div class="">
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[KNL] setting WFP SA SPI failed: 0x80320035</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[IKE] unable to install IPsec policies (SPD) in kernel</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[IKE] failed to establish CHILD_SA, keeping IKE_SA</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[IKE] sending DELETE for ESP CHILD_SA with SPI cef5a6bf</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[ENC] generating INFORMATIONAL request 2 [ D ]</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[NET] sending packet: from 172.16.115.240[4500] to 66.151.147.21[4500] (76 bytes)</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 16[NET] received packet: from 66.151.147.21[4500] to 172.16.115.240[4500] (76 bytes)</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 16[ENC] parsed INFORMATIONAL response 2 [ D ]</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 14[IKE] establishing CHILD_SA child_a25_a26{1}</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 14[ENC] generating CREATE_CHILD_SA request 3 [ SA No TSi TSr ]</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 14[NET] sending packet: from 172.16.115.240[4500] to 66.151.147.21[4500] (236 bytes)</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:58 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:58 06[CFG] ignoring acquire, connection attempt pending</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:59 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:59 08[CFG] ignoring acquire, connection attempt pending</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:00 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:00 12[CFG] ignoring acquire, connection attempt pending</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 09[IKE] retransmit 1 of request with message ID 3</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 09[NET] sending packet: from 172.16.115.240[4500] to 66.151.147.21[4500] (236 bytes)</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 05[CFG] ignoring acquire, connection attempt pending</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 10[NET] received packet: from 66.151.147.21[4500] to 172.16.115.240[4500] (236 bytes)</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 10[ENC] parsed CREATE_CHILD_SA response 3 [ SA No TSi TSr ]</div>
<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 10[IKE] CHILD_SA child_a25_a26{6} established with SPIs ce117294_i be8f068b_o and TS 172.16.115.240/32 === 192.168.10.0/24 </div>
<div class="" style="font-family: Courier; margin: 0px;"><br class="">
</div>
<div class="" style="font-family: Courier; margin: 0px;"><br class="">
</div>
<div class="" style="font-family: Courier; margin: 0px;"><br class="">
</div>
<div>
<blockquote type="cite" class="">
<div class="">On Nov 28, 2015, at 10:57 AM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" class="">noel@familie-kuntze.de</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><br class="">
-----BEGIN PGP SIGNED MESSAGE-----<br class="">
Hash: SHA256<br class="">
<br class="">
Hello Jaehong,<br class="">
<br class="">
Your diagnosis is completely wrong. That's not the root of the problem.<br class="">
It's because charon is not allowed to install the policies into the kernel.<br class="">
<br class="">
<blockquote type="cite" class="">2015-11-28T08:42:56 13[KNL] setting WFP SA SPI failed: 0x80320035<br class="">
2015-11-28T08:42:56 13[IKE] unable to install IPsec policies (SPD) in kernel<br class="">
2015-11-28T08:42:56 13[IKE] failed to establish CHILD_SA, keeping IKE_SA<br class="">
</blockquote>
<br class="">
<br class="">
- -- <br class="">
<br class="">
Mit freundlichen Grüßen/Kind Regards,<br class="">
Noel Kuntze<br class="">
<br class="">
GPG Key ID: 0x63EC6658<br class="">
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br class="">
<br class="">
-----BEGIN PGP SIGNATURE-----<br class="">
Version: GnuPG v2<br class="">
<br class="">
iQIcBAEBCAAGBQJWWfkmAAoJEDg5KY9j7GZYD5YP/RxIZIuiPY2Qqp1FYVRawmY6<br class="">
QReYfbA8T1XBmoqV9L3aTpJoMt/9LraK4xS5P9nCvvrGW89W/ARibMO75h251NAH<br class="">
bYqceXXmODF+lnxB/I+Irk07qLScXEPiGz1ozLCSc7HIYgnk1+QegzObgIihyzwo<br class="">
Y3PVUcBYJZ29+RLxEFHDJPliyDBy0vCwAQQjtG8mg83U/mSAOQxeL2WlRMNhJCfL<br class="">
KjXuA1B7835Y8mHNXgSLYKfH/HYAM/aH58oxaeQX20s8iOauycMIHDVXU3NM2EK1<br class="">
syeAinXx/oFEeuyk5a7iJtPwvKtyyPlWIVOYoVI3Vkq8NQzMcPO5YaV7dK6JcOYq<br class="">
lE/ujB8/8w9ZLcMTpfLxczyEMDMKBE0c7mO7s9EHAs2kAuevyvx6JGO1+x3yqdVr<br class="">
cwjOm2iRKAZz6zWl/S6VXSrE4zVAicDIN0zcyxcTY/vhu+p0uHmWramG7AqFcdcc<br class="">
XnetsshXdynr3eYUWOY8Z2fO8/KB9WBh/kIc0JhzahnBTwwczhi/hxuPIe1+DJ3V<br class="">
nRQQXepeB7o/5c+M1yV1tHHn6RGbjWKDx8j6aFUjXWqXDdeZ47RjTBhqhid/Y5Xa<br class="">
MovSpvLkYjzddv1fOChzQPSNfYz0aehwPNsVhYSCaSw9m7V6cwqT4o+bNsqIxjS8<br class="">
Qj24l2QrwXymEY70vbbY<br class="">
=uDlj<br class="">
-----END PGP SIGNATURE-----<br class="">
<br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>