[strongSwan-dev] Fwd: Using Strongswan 32 binaries on under 64 bit kernel

Thomas Egerer hakke_007 at gmx.de
Sun Oct 26 10:54:06 CET 2014 

Hi,

just a couple of thoughts:
On 10/25/2014 04:41 PM, Tugrul Erdogan wrote:
> 
> Hi, 
> 
> I have patched the xframe.h and I am taking the errors below:
In what place did you patch xfrm.h, strongswan
or linux-kernel?

> 
> Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1> activating new tasks
> Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1>   activating QUICK_MODE task
> Oct 25 14:38:33 01[CFG] <vpntest_localne-host34_uzaknetwork|1> configured proposals: ESP:3DES_CBC/HMAC_MD5_96/MODP_1024/NO_EXT_SEQ,
> ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
> Oct 25 14:38:33 01[KNL] <vpntest_localne-host34_uzaknetwork|1> getting SPI for reqid {1}
> Oct 25 14:38:33 01[KNL] <vpntest_localne-host34_uzaknetwork|1> allocating SPI failed: Invalid argument (22)
> Oct 25 14:38:33 01[KNL] <vpntest_localne-host34_uzaknetwork|1> unable to get SPI for reqid {1}
> Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1> allocating SPI from kernel failed
> Oct 25 14:38:33 01[MGR] <vpntest_localne-host34_uzaknetwork|1> checkin and destroy IKE_SA vpntest_localne-host34_uzaknetwork[1]
> Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1> IKE_SA vpntest_localne-host34_uzaknetwork[1] state change: ESTABLISHED => DESTROYING
> Oct 25 14:38:33 01[MGR] check-in and destroy of IKE_SA successful
> 
> and the patch which I had done below:
> 
> --- ~/src/include/linux/xfrm.h 2014-10-25 16:27:11.000000000 +0300
> +++ ~/src/include/linux/xfrm.h.mod     2014-10-25 16:26:56.000000000 +0300
> @@ -355,6 +355,7 @@
>         __u8                            mode;           /* XFRM_MODE_xxx */
>         __u8                            replay_window;
>         __u8                            flags;
> +        __u32                           dummy_alligner;
>  #define XFRM_STATE_NOECN       1
>  #define XFRM_STATE_DECAP_DSCP  2
>  #define XFRM_STATE_NOPMTUDISC  4
> 
> what should be missing?
You surely did recompile libhydra and restart charon?
Also: try 'stroke loglevel knl 4' to see what's being sent
via netlink to the kernel.

Cheers,
Thomas

More information about the Dev mailing list