[strongSwan] unable to allocate SPIs from kernel

Agrawal Hemant-B10814 B10814 at freescale.com
Wed Jun 8 09:14:31 CEST 2011


Hi,
                While trying to use strongswan for net-net scenario, I am facing following error:
[root at P1024RDB /root]# ipsec up net-net
initiating IKE_SA net-net[2] to 200.200.200.20
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 200.200.200.10[500] to 200.200.200.20[500]
received packet: from 200.200.200.20[500] to 200.200.200.10[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
authentication of '200.200.200.10' (myself) with pre-shared key
establishing CHILD_SA net-net
unable to allocate SPIs from kernel

I have compiled all the modules, which was suggested in
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

I am still facing the problem.
My ipsec.conf is as follows:

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        charondebug="chd 4, knl 4"
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no

conn %default
        pfs=no
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        type=tunnel
        auth=esp
        compress=no
        mobike=no
        ike=3des-sha1-md5-modp1024!
        esp=aes128-3des-sha1-md5!
conn net-net
        authby=secret
        left=200.200.200.10
        leftsubnet=192.168.1.0/24
        leftfirewall=yes
        right=200.200.200.20
        rightsubnet=192.168.2.0/24
        auto=add
Please help
Regards,
Hemant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110608/dcc93fdc/attachment.html>


More information about the Users mailing list