[strongSwan] received netlink error: No such file or directory

Martin Willi martin at strongswan.org
Thu Feb 17 09:17:28 CET 2011

Hi Barry,

> #2  0xc0104358 in crypto_alloc_aead (alg_name=0xdd8d3b70
>     "authenc(digest_null,cbc(aes))",

>From whatever source this digest_null comes from, it is completely
wrong. I'm in doubt that it comes from the IKE daemon, as we don't even
have a string "digest_null" to select such an algorithm. And from your

> 13[KNL] adding SAD entry with SPI ca6f5702 and reqid {2}
> 13[KNL]   using encryption algorithm AES_CBC with key size 256
> 13[KNL]   using integrity algorithm HMAC_SHA2_256_128 with key size 256
> 13[KNL] received netlink error: No such file or directory (2)

I see that the algorithms have been negotiated correctly. You may try to
increase the "cfg" loglevel to see the proposal selection process.

> arch/powerpc/kernel/entry_32.S:268

I couldn't reproduce the problem on x86 using your proposals. Maybe this
is an architecture specific issue, but I don't have a PowerPC for

>    ike=aes256-sha2_256-modp1536,aes256-sha1-modp1536,aes128-sha2_256-modp1536,aes128-sha1-modp1536,3des-sha2_256-modp1536,3des-sha1-modp1536
>    esp=aes256-sha2_256-modp1536,aes256-sha1-modp1536,aes128-sha2_256-modp1536,aes128-sha1-modp1536,3des-sha2_256-modp1536,3des-sha1-modp1536

You probably can simplify this proposal to

>    pfs=yes
>    pfsgroup=modp1536

PFS in IKEv2 is used if the ESP proposal contains a DH group, these
options are meaningless for IKEv2.

> Has the format of the ike/esp lines changed and I missed
> it or what?

No, the format should be the same.

I'd suggest to check if the algorithm negotiation works as expected, and
if so, if the algorithms arrive in kernel XFRM with the correct strings
before the aead wrapper gets constructed.


More information about the Users mailing list