[strongSwan] Ipsec tunnel creation fails with received netlink error: No such file or directory (2)

Anbumani, Pradeep (NSN - IN/Bangalore) pradeep.anbumani at nsn.com
Wed Aug 25 13:40:59 CEST 2010


Hi All, 
We are using the 2.6.18-194 RHEL kernel on a diskless client. We have compiled this kernel for IPsec support. Now the issue is that even after enabling all the required kernel modules for IPsec, we are still not able to create a tunnel, as the tunnel creation fails with the error as blocked in red at the bottom.

May 19 09:25:37 hp3 charon: 03[CFG] received stroke: add connection 'host_2003' 
May 19 09:25:37 hp3 charon: 03[LIB] loaded certificate file '/etc/ipsec.d/certs/FAP-signed-by-ca-2002.pem' 
May 19 09:25:37 hp3 charon: 03[CFG] added configuration 'host_2003': 110.11.101.1[O=NSN, CN=FAP-2002]...110.10.101.1[O=NSN, CN=FAP-2000]
May 19 09:25:37 hp3 charon: 03[CFG] adding virtual IP address pool 'host_2003': 10.10.101.1/32 
May 19 09:25:40 hp3 charon: 10[NET] received packet: from 110.10.101.1[500] to 110.11.101.1[500] 
May 19 09:25:40 hp3 charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] 
May 19 09:25:40 hp3 charon: 10[IKE] 110.10.101.1 is initiating an IKE_SA 
May 19 09:25:40 hp3 charon: 10[IKE] DH group MODP_2048_BIT inacceptable, requesting MODP_1024_BIT 
May 19 09:25:40 hp3 charon: 10[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ] 
May 19 09:25:40 hp3 charon: 10[NET] sending packet: from 110.11.101.1[500] to 110.10.101.1[500] 
May 19 09:25:40 hp3 charon: 11[NET] received packet: from 110.10.101.1[500] to 110.11.101.1[500] 
May 19 09:25:40 hp3 charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] 
May 19 09:25:40 hp3 charon: 11[IKE] 110.10.101.1 is initiating an IKE_SA 
May 19 09:25:40 hp3 charon: 11[IKE] sending cert request for "O=NSN, CN=CA" 
May 19 09:25:40 hp3 charon: 11[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] 
May 19 09:25:40 hp3 charon: 11[NET] sending packet: from 110.11.101.1[500] to 110.10.101.1[500] 
May 19 09:25:40 hp3 charon: 12[NET] received packet: from 110.10.101.1[500] to 110.11.101.1[500] 
May 19 09:25:40 hp3 charon: 12[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH CP SA TSi TSr ] 
May 19 09:25:40 hp3 charon: 12[IKE] received cert request for "O=NSN, CN=CA" 
May 19 09:25:40 hp3 charon: 12[IKE] received end entity cert "O=NSN, CN=FAP-2000" 
May 19 09:25:40 hp3 charon: 12[CFG] using certificate "O=NSN, CN=FAP-2000" 
May 19 09:25:40 hp3 charon: 12[CFG] using trusted ca certificate "O=NSN, CN=CA" 
May 19 09:25:40 hp3 charon: 12[CFG] checking certificate status of "O=NSN, CN=FAP-2000" 
May 19 09:25:40 hp3 charon: 12[CFG] certificate status is not available 
May 19 09:25:40 hp3 charon: 12[IKE] authentication of 'O=NSN, CN=FAP-2000' with RSA signature successful 
May 19 09:25:40 hp3 charon: 12[CFG] found matching peer config "host_2003": O=NSN, CN=FAP-2002...O=NSN, CN=FAP-2000 with prio 40.12
May 19 09:25:41 hp3 charon: 12[IKE] authentication of 'O=NSN, CN=FAP-2002' (myself) with RSA signature successful 
May 19 09:25:41 hp3 charon: 12[IKE] scheduling reauthentication in 86055s 
May 19 09:25:41 hp3 charon: 12[IKE] maximum IKE_SA lifetime 86235s 
May 19 09:25:41 hp3 charon: 12[IKE] IKE_SA host_2003[2] established between 110.11.101.1[O=NSN, CN=FAP-2002]...110.10.101.1[O=NSN, CN=FAP-2000]
May 19 09:25:41 hp3 charon: 12[IKE] sending end entity cert "O=NSN, CN=FAP-2002" 
May 19 09:25:41 hp3 charon: 12[IKE] peer requested virtual IP 10.10.101.1 
May 19 09:25:41 hp3 charon: 12[CFG] assigning new lease to O=NSN, CN=FAP-2000 
May 19 09:25:41 hp3 charon: 12[IKE] assigning virtual IP 10.10.101.1 to peer 
May 19 09:25:41 hp3 charon: 12[KNL] received netlink error: No such file or directory (2) 
May 19 09:25:41 hp3 charon: 12[KNL] unable to add SAD entry with SPI c7f8ee23 
May 19 09:25:41 hp3 charon: 12[KNL] received netlink error: No such file or directory (2) 
May 19 09:25:41 hp3 charon: 12[KNL] unable to add SAD entry with SPI cdcb9c8f 
May 19 09:25:41 hp3 charon: 12[IKE] unable to install IPsec SA (SAD) in kernel 

The last few lines are the error received every time we try to create an IPsec tunnel.
Can anybody please help me in solving this issue? 
Thanks in advance
Regards, 
Pradeep.A 
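
The log above can be triaged mechanically to show where the setup stops. The following is an added example, not part of the original post or of strongSwan: it pairs each netlink error with the SPI it belongs to and reports whether the IKE_SA was established first. The function name `triage`, the stage labels and the result layout are assumptions made for this illustration; the sample is a constructed subset of the lines quoted in the post.

```python
import re

# Constructed sample: a subset of the charon lines quoted in the post above.
SAMPLE_LOG = """\
May 19 09:25:40 hp3 charon: 12[IKE] authentication of 'O=NSN, CN=FAP-2000' with RSA signature successful
May 19 09:25:41 hp3 charon: 12[IKE] IKE_SA host_2003[2] established between 110.11.101.1[O=NSN, CN=FAP-2002]...110.10.101.1[O=NSN, CN=FAP-2000]
May 19 09:25:41 hp3 charon: 12[KNL] received netlink error: No such file or directory (2)
May 19 09:25:41 hp3 charon: 12[KNL] unable to add SAD entry with SPI c7f8ee23
May 19 09:25:41 hp3 charon: 12[KNL] received netlink error: No such file or directory (2)
May 19 09:25:41 hp3 charon: 12[KNL] unable to add SAD entry with SPI cdcb9c8f
May 19 09:25:41 hp3 charon: 12[IKE] unable to install IPsec SA (SAD) in kernel
"""

# charon syslog layout as seen in the post: "<thread>[<GROUP>] <message>"
LINE = re.compile(r"charon: (?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)$")
NETLINK_ERR = re.compile(r"received netlink error: (?P<text>.+) \((?P<errno>\d+)\)")
SAD_FAIL = re.compile(r"unable to add SAD entry with SPI (?P<spi>[0-9a-f]+)")
ESTABLISHED = re.compile(r"IKE_SA (?P<conn>\S+)\[\d+\] established")


def triage(log_text):
    """Return the failing stage and the kernel error tied to each SPI."""
    result = {"ike_sa": None, "kernel_errors": [], "stage": "unknown"}
    pending = {}  # thread id -> last netlink error logged by that thread
    for raw in log_text.splitlines():
        m = LINE.search(raw.rstrip())
        if not m:
            continue
        thread, group, msg = m["thread"], m["group"], m["msg"]
        if group == "IKE" and (e := ESTABLISHED.search(msg)):
            result["ike_sa"] = e["conn"]
        elif group == "KNL" and (n := NETLINK_ERR.search(msg)):
            pending[thread] = (int(n["errno"]), n["text"])
        elif group == "KNL" and (s := SAD_FAIL.search(msg)):
            # The errno logged just before on the same thread belongs to this SPI.
            errno, text = pending.pop(thread, (None, None))
            result["kernel_errors"].append(
                {"spi": s["spi"], "errno": errno, "text": text})
    if result["kernel_errors"]:
        # Hypothetical labels: kernel rejected the SA after (or without) IKE_SA setup.
        result["stage"] = "sad_install" if result["ike_sa"] else "sad_install_no_ike"
    elif result["ike_sa"]:
        result["stage"] = "ok"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the result shows that authentication and IKE_SA setup completed and that both SAD installs were rejected by the kernel with errno 2, which places the fault in the kernel interface rather than in the IKE or certificate configuration.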
