[strongSwan] CHILD_SA can't setup with the configuration of MARK keywords

Yu Yin - Picochip yuy at picochip.com
Mon Jul 18 05:06:28 CEST 2011 

Hi guys,

 

I used to add a  <app:ds:custom> custom  <app:ds:made> eap-aka plugin at the
old strongswan version(4.3.4). 

And now I want to use the xfrm MARK function in the 4.3.4 version.

So I merged the mark related code from 4.4.1 to the 4.3.4 version with the
reference of revision ee26c537 and revision 26c4d010.

After that, I have tried to setup a host-host tunnel with mark support, but
the strongswan output some error:

received netlink error: Numerical result out of range (34)

 

the whole log and ipsec.conf is below.

 

ipsec.conf of host A:

 

config setup

                strictcrlpolicy=no

                plutostart=no

 

conn %default

 
ike=3des-sha1-modp1024,aes-sha1-modp1024,null-sha1-modp1024,3des-sha1-modp20
48,aes-sha1-modp2048,null-sha1-modp2048!

                esp=null-sha1,aes-sha1,3des-sha1!

                ikelifetime=24h

                keylife=12m

                keyexchange=ikev2

        dpdaction=clear

        dpddelay=20m

conn host-host

        left=172.19.2.101

        leftid=www.hostA.org

        leftcert=/etc/ipsec.d/certs/hostA.pem

        leftfirewall=yes

        mark=20

        right=172.19.4.166

        rightid=www.hostB.org

        rightcert=/etc/ipsec.d/certs/ hostB.pem

        rightsendcert=never

        auto=start

 

ipsec.conf of host B:

 

config setup

                strictcrlpolicy=no

                plutostart=no

                keep_alive=3m

conn %default

                ike=aes-sha1-modp1024!

                esp=aes-sha1!

                ikelifetime=1440m

                keylife=12m

                rekeymargin=3m

                keyingtries=1

                reauth=no

                keyexchange=ikev2

                dpdaction=clear

                dpddelay=10m

 

conn host-host

         left=172.19.4.166

         leftcert=/etc/ipsec.d/certs/hostB.pem

         right=172.19.2.101

         rightsubnet=0.0.0.0/0

         mark=20

         auto=add

         leftid=www.hostB.org

         rightid=www.hostA.org

 

log on host A and B is attached.

 

Thanks and regards,

Ethan

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110718/a4181ecc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: host A charon.out
Type: application/octet-stream
Size: 4844 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110718/a4181ecc/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: host B charon.out
Type: application/octet-stream
Size: 4877 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110718/a4181ecc/attachment-0001.obj>

More information about the Users mailing list