<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">

Hi Noel.

<div class=""><br class="">

</div>

<div class="">Thanks for the response.</div>

<div class=""><br class="">

</div>

<div class="">If you read further, you will see retry and success. I copied and pasted message from failure to success here.</div>

<div class=""><br class="">

</div>

<div class="">See the end of log.</div>

<div class=""><br class="">

</div>

<div class="">

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[KNL] setting WFP SA SPI failed: 0x80320035</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[IKE] unable to install IPsec policies (SPD) in kernel</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[IKE] failed to establish CHILD_SA, keeping IKE_SA</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[IKE] sending DELETE for ESP CHILD_SA with SPI cef5a6bf</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[ENC] generating INFORMATIONAL request 2 [ D ]</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:56 13[NET] sending packet: from 172.16.115.240[4500] to 66.151.147.21[4500] (76 bytes)</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 16[NET] received packet: from 66.151.147.21[4500] to 172.16.115.240[4500] (76 bytes)</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 16[ENC] parsed INFORMATIONAL response 2 [ D ]</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 14[IKE] establishing CHILD_SA child_a25_a26{1}</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 14[ENC] generating CREATE_CHILD_SA request 3 [ SA No TSi TSr ]</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:57 14[NET] sending packet: from 172.16.115.240[4500] to 66.151.147.21[4500] (236 bytes)</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:58 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:58 06[CFG] ignoring acquire, connection attempt pending</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:59 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:42:59 08[CFG] ignoring acquire, connection attempt pending</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:00 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:00 12[CFG] ignoring acquire, connection attempt pending</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 09[IKE] retransmit 1 of request with message ID 3</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 09[NET] sending packet: from 172.16.115.240[4500] to 66.151.147.21[4500] (236 bytes)</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 17[KNL] creating acquire job for policy 172.16.115.240/32[icmp/8] === 192.168.10.2/32[icmp/0] with reqid {1}</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 05[CFG] ignoring acquire, connection attempt pending</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 10[NET] received packet: from 66.151.147.21[4500] to 172.16.115.240[4500] (236 bytes)</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 10[ENC] parsed CREATE_CHILD_SA response 3 [ SA No TSi TSr ]</div>

<div class="" style="font-family: Courier; margin: 0px;">2015-11-28T08:43:01 10[IKE] CHILD_SA child_a25_a26{6} established with SPIs ce117294_i be8f068b_o and TS 172.16.115.240/32 === 192.168.10.0/24 </div>

<div class="" style="font-family: Courier; margin: 0px;"><br class="">

</div>

<div class="" style="font-family: Courier; margin: 0px;"><br class="">

</div>

<div class="" style="font-family: Courier; margin: 0px;"><br class="">

</div>

<div>

<blockquote type="cite" class="">

<div class="">On Nov 28, 2015, at 10:57 AM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" class="">noel@familie-kuntze.de</a>> wrote:</div>

<br class="Apple-interchange-newline">

<div class=""><br class="">

-----BEGIN PGP SIGNED MESSAGE-----<br class="">

Hash: SHA256<br class="">

<br class="">

Hello Jaehong,<br class="">

<br class="">

Your diagnosis is completely wrong. That's not the root of the problem.<br class="">

It's because charon is not allowed to install the policies into the kernel.<br class="">

<br class="">

<blockquote type="cite" class="">2015-11-28T08:42:56 13[KNL] setting WFP SA SPI failed: 0x80320035<br class="">

2015-11-28T08:42:56 13[IKE] unable to install IPsec policies (SPD) in kernel<br class="">

2015-11-28T08:42:56 13[IKE] failed to establish CHILD_SA, keeping IKE_SA<br class="">

</blockquote>

<br class="">

<br class="">

- -- <br class="">

<br class="">

Mit freundlichen Grüßen/Kind Regards,<br class="">

Noel Kuntze<br class="">

<br class="">

GPG Key ID: 0x63EC6658<br class="">

Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br class="">

<br class="">

-----BEGIN PGP SIGNATURE-----<br class="">

Version: GnuPG v2<br class="">

<br class="">

iQIcBAEBCAAGBQJWWfkmAAoJEDg5KY9j7GZYD5YP/RxIZIuiPY2Qqp1FYVRawmY6<br class="">

QReYfbA8T1XBmoqV9L3aTpJoMt/9LraK4xS5P9nCvvrGW89W/ARibMO75h251NAH<br class="">

bYqceXXmODF+lnxB/I+Irk07qLScXEPiGz1ozLCSc7HIYgnk1+QegzObgIihyzwo<br class="">

Y3PVUcBYJZ29+RLxEFHDJPliyDBy0vCwAQQjtG8mg83U/mSAOQxeL2WlRMNhJCfL<br class="">

KjXuA1B7835Y8mHNXgSLYKfH/HYAM/aH58oxaeQX20s8iOauycMIHDVXU3NM2EK1<br class="">

syeAinXx/oFEeuyk5a7iJtPwvKtyyPlWIVOYoVI3Vkq8NQzMcPO5YaV7dK6JcOYq<br class="">

lE/ujB8/8w9ZLcMTpfLxczyEMDMKBE0c7mO7s9EHAs2kAuevyvx6JGO1+x3yqdVr<br class="">

cwjOm2iRKAZz6zWl/S6VXSrE4zVAicDIN0zcyxcTY/vhu+p0uHmWramG7AqFcdcc<br class="">

XnetsshXdynr3eYUWOY8Z2fO8/KB9WBh/kIc0JhzahnBTwwczhi/hxuPIe1+DJ3V<br class="">

nRQQXepeB7o/5c+M1yV1tHHn6RGbjWKDx8j6aFUjXWqXDdeZ47RjTBhqhid/Y5Xa<br class="">

MovSpvLkYjzddv1fOChzQPSNfYz0aehwPNsVhYSCaSw9m7V6cwqT4o+bNsqIxjS8<br class="">

Qj24l2QrwXymEY70vbbY<br class="">

=uDlj<br class="">

-----END PGP SIGNATURE-----<br class="">

<br class="">

</div>

</blockquote>

</div>

<br class="">

</div>

</body>

</html>