[strongSwan] unable to allocate SPIs from kernel

Andreas Steffen andreas.steffen at strongswan.org
Wed Jun 8 11:55:30 CEST 2011


Hello Hemant,

execute "ipsec statusall" and post the list of loaded
strongSwan plugins.

Which Linux kernel and which strongSwan version are you using?

Regards

Andreas

On 08.06.2011 09:14, Agrawal Hemant-B10814 wrote:
> Hi,
> 
> While trying to use strongSwan for a net-net scenario, I am facing the
> following error:
> 
> [root at P1024RDB /root]# ipsec up net-net
> initiating IKE_SA net-net[2] to 200.200.200.20
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 200.200.200.10[500] to 200.200.200.20[500]
> received packet: from 200.200.200.20[500] to 200.200.200.10[500]
> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
> sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
> authentication of '200.200.200.10' (myself) with pre-shared key
> establishing CHILD_SA net-net
> *unable to allocate SPIs from kernel*
> 
> I have compiled all the modules which were suggested in
> http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> 
> I am still facing the problem.
> 
> My ipsec.conf is as follows:
> 
> # /etc/ipsec.conf - strongSwan IPsec configuration file
> 
> config setup
>         charondebug="chd 4, knl 4"
>         crlcheckinterval=180
>         strictcrlpolicy=no
>         plutostart=no
> 
> conn %default
>         pfs=no
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev2
>         type=tunnel
>         auth=esp
>         compress=no
>         mobike=no
>         ike=3des-sha1-md5-modp1024!
>         esp=aes128-3des-sha1-md5!
> conn net-net
>         authby=secret
>         left=200.200.200.10
>         leftsubnet=192.168.1.0/24
>         leftfirewall=yes
>         right=200.200.200.20
>         rightsubnet=192.168.2.0/24
>         auto=add
> 
> Please help
> 
> Regards,
> 
> Hemant

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==



