[strongSwan] unable to allocate SPIs from kernel
Agrawal Hemant-B10814
B10814 at freescale.com
Wed Jun 8 09:14:31 CEST 2011
Hi,
While trying to use strongswan for net-net scenario, I am facing following error:
[root at P1024RDB /root]# ipsec up net-net
initiating IKE_SA net-net[2] to 200.200.200.20
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 200.200.200.10[500] to 200.200.200.20[500]
received packet: from 200.200.200.20[500] to 200.200.200.10[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
authentication of '200.200.200.10' (myself) with pre-shared key
establishing CHILD_SA net-net
unable to allocate SPIs from kernel
I have compiled all the modules, which was suggested in
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
I am still facing the problem.
My ipsec.conf is as follows:
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="chd 4, knl 4"
crlcheckinterval=180
strictcrlpolicy=no
plutostart=no
conn %default
pfs=no
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
type=tunnel
auth=esp
compress=no
mobike=no
ike=3des-sha1-md5-modp1024!
esp=aes128-3des-sha1-md5!
conn net-net
authby=secret
left=200.200.200.10
leftsubnet=192.168.1.0/24
leftfirewall=yes
right=200.200.200.20
rightsubnet=192.168.2.0/24
auto=add
Please help
Regards,
Hemant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110608/dcc93fdc/attachment.html>
More information about the Users
mailing list