[strongSwan] ERROR: netlink response for Add SA esp.383251e8 at 10.19.156.242 included errno 93: Protocol not supported

MingM Xia macguffin.xia at gmail.com
Mon Apr 12 11:38:49 CEST 2010


Hi,

I am trying to switch from "Racoon" to "strongswan" on some PowerPC machines,
and I hit an "esp.5dd3baaa at 10.19.156.194 included errno 93: Protocol not
support" netlink error in "tunnel mode" when strongswan tries to build the
CHILD SA. The strongswan IKEv2 daemon charon also has a similar problem on my
machines in "tunnel" mode: on "add sa", the kernel returns "protocol not
support".

I use the latest version of strongswan 4.3.6.

ERROR: netlink response for Add SA esp.383251e8 at 10.19.156.242 included errno 93: Protocol not supported

....
Apr 12 02:23:23 localhost pluto[25980]: | install_inbound_ipsec_sa() checking if we can route
Apr 12 02:23:23 localhost pluto[25980]: | route owner of "host-host" unrouted: NULL; eroute owner: NULL
Apr 12 02:23:23 localhost pluto[25980]: | kernel_alg_esp_info():transid=12, auth=2, ei=0x10086cc8, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
Apr 12 02:23:23 localhost pluto[25980]: | configured authentication algorithm DES_MAC with key size 160
Apr 12 02:23:23 localhost pluto[25980]: | configured esp encryption algorithm AES_CBC with key size 128
Apr 12 02:23:23 localhost pluto[25980]: | req.p.mode = 1; req.p.family = 2; req.p.flags = 32; req.p.id.spi = 942821864; req.p.id.proto = 50; req.p.sel.family = 0; req.p.sel.proto = 0
Apr 12 02:23:23 localhost pluto[25980]: "host-host" #2: ERROR: netlink response for Add SA esp.383251e8 at 10.19.156.242 included errno 93: Protocol not supported
Apr 12 02:23:23 localhost pluto[25980]: | state transition function for STATE_QUICK_R0 had internal error
Apr 12 02:23:23 localhost pluto[25980]: | next event EVENT_SO_DISCARD in 0 seconds for #2
Apr 12 02:23:23 localhost pluto[25980]: |
Apr 12 02:23:23 localhost pluto[25980]: | *time to handle event
Apr 12 02:23:23 localhost pluto[25980]: | event after this is EVENT_REINIT_SECRET in 3476 seconds
Apr 12 02:23:23 localhost pluto[25980]: | ICOOKIE:  63 de a2 6a  57 3b ff bb
Apr 12 02:23:23 localhost pluto[25980]: | RCOOKIE:  2d cb 1f a4  81 d6 ec 1e
Apr 12 02:23:23 localhost pluto[25980]: | peer:  0a 13 9c c2
Apr 12 02:23:23 localhost pluto[25980]: | state hash entry 8
Apr 12 02:23:23 localhost pluto[25980]: | next event EVENT_REINIT_SECRET in 3476 seconds
Apr 12 02:23:33 localhost pluto[25980]: |
...

"Apr 12 02:23:23 localhost pluto[25980]: | req.p.mode = 1; req.p.family = 2; req.p.flags = 32; req.p.id.spi = 942821864; req.p.id.proto = 50; req.p.sel.family = 0; req.p.sel.proto = 0"
is something I print out before netlink_add_sa() tries to send_netlink_msg
"add SA" to the kernel; the parameters look fine.

I have no idea whether there are different kernel module requirements
between "Racoon" and "strongswan", but I'm sure "Racoon" works well with
"tunnel mode" on those machines.

Kernel configuration (network related):
CONFIG_PACKET    y
CONFIG_PACKET_MMAP    y
CONFIG_UNIX    y
CONFIG_XFRM    y
CONFIG_XFRM_USER    y
CONFIG_XFRM_SUB_POLICY    not set
CONFIG_XFRM_MIGRATE    y
CONFIG_XFRM_STATISTICS    not set
CONFIG_XFRM_IPCOMP    y
CONFIG_NET_KEY    y
CONFIG_NET_KEY_MIGRATE    not set
CONFIG_INTERPEAK    not set
CONFIG_INET    y
CONFIG_IP_MULTICAST    not set
CONFIG_IP_ADVANCED_ROUTER    not set
CONFIG_IP_FIB_HASH    y
CONFIG_IP_PNP    y
CONFIG_IP_PNP_DHCP    not set
CONFIG_IP_PNP_BOOTP    not set
CONFIG_IP_PNP_RARP    not set
CONFIG_NET_IPIP    not set
CONFIG_NET_IPGRE    y
CONFIG_ARPD    not set
CONFIG_SYN_COOKIES    y
CONFIG_INET_AH    y
CONFIG_INET_ESP    y
CONFIG_INET_IPCOMP    y
CONFIG_INET_XFRM_TUNNEL    y
CONFIG_INET_TUNNEL    y
CONFIG_IPSEC_NAT_TRAVERSAL    not set
CONFIG_INET_XFRM_MODE_TRANSPORT    y
CONFIG_INET_XFRM_MODE_TUNNEL    y
CONFIG_INET_XFRM_MODE_BEET    y
CONFIG_INET_LRO    not set
CONFIG_INET_DIAG    not set
CONFIG_TCP_CONG_ADVANCED    not set
CONFIG_TCP_CONG_CUBIC    y
CONFIG_DEFAULT_TCP_CONG    cubic
CONFIG_TCP_MD5SIG    not set
CONFIG_IP_VS    not set
CONFIG_IPV6    not set
CONFIG_NETLABEL    not set
CONFIG_NETWORK_SECMARK    y
CONFIG_NETFILTER    y
CONFIG_NETFILTER_DEBUG    not set
CONFIG_NETFILTER_ADVANCED    y


"Racoon" works well with "tunnel mode" on those machines.

root at hapWibbSc2:/etc# racoon -f racoon.conf.eric
root at hapWibbSc2:/etc# setkey -f setkey.conf.eric
root at hapWibbSc2:/etc# ping 10.19.156.194
PING 10.19.156.194 (10.19.156.194) 56(84) bytes of data.
64 bytes from 10.19.156.194: icmp_seq=2 ttl=64 time=0.615 ms
64 bytes from 10.19.156.194: icmp_seq=3 ttl=64 time=0.457 ms

--- 10.19.156.194 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2956ms
rtt min/avg/max/mdev = 0.457/0.536/0.615/0.079 ms
root at hapWibbSc2:/etc#
root at hapWibbSc2:/etc# setkey -D
10.19.156.194 10.19.156.242
        esp mode=tunnel spi=136801471(0x08276cbf) reqid=0(0x00000000)
        E: aes-cbc  c5e0faea b1073d16 d6d12bdb 193e7cd2
        A: hmac-sha1  d3025a94 b3e1dee2 9b6db08d d6136242 4f4cbf77
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: Mar  1 18:50:20 2000   current: Mar  1 18:50:30 2000
        diff: 10(s)     hard: 28800(s)  soft: 23040(s)
        last: Mar  1 18:50:21 2000      hard: 0(s)      soft: 0(s)
        current: 168(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 2    hard: 0 soft: 0
        sadb_seq=1 pid=25939 refcnt=0
10.19.156.242 10.19.156.194
        esp mode=tunnel spi=240066640(0x0e4f2050) reqid=0(0x00000000)
        E: aes-cbc  7336dbd0 ff041a4d c339915f 27f29a75
        A: hmac-sha1  d24d61d1 3ae183a4 01bfc0c4 4310534f 93bbb833
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: Mar  1 18:50:20 2000   current: Mar  1 18:50:30 2000
        diff: 10(s)     hard: 28800(s)  soft: 23040(s)
        last: Mar  1 18:50:20 2000      hard: 0(s)      soft: 0(s)
        current: 252(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 3    hard: 0 soft: 0
        sadb_seq=0 pid=25939 refcnt=0