[strongSwan] unable to allocate SPIs from kernel
Agrawal Hemant-B10814
B10814 at freescale.com
Wed Jun 8 12:10:33 CEST 2011
Hi Andreas,
I am running linux 2.6.35 with strongswan 4.5.1
The result of ipsec status all is
ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.1):
uptime: 3 hours, siince Aug o28 12:02:36 2009
135168, mmap 0, used 56928, free 78240
worker threads: 11 idle of 16, job queue load: 0, scheduled events: 0
ns: aes edes sha1 sha2 md5 pem pkcs1 gmp random pubkey x509 revocation hmac stroke socket-raw updown
Listening IP addressses:
CIonnections:
net-nent: 200.200.200.20...200.200.200.10
net-ne.t: loc al: [200.200.200.20] uses pre-shared keey authenticationy
remote: [200.2 00.200.1:0] uses 0any authentication
net-net: child: 192.:168.2.0/24 === 192.168.12.0/24
Security Associations:
None
Regards,
Hemant
-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: Wednesday, June 08, 2011 3:26 PM
To: Agrawal Hemant-B10814
Cc: Users at lists.strongswan.org
Subject: Re: [strongSwan] unable to allocate SPIs from kernel
Hello Hemant,
execute "ipsec statusall" and post the list of loaded strongSwan plugins.
Which Linux kernel and which strongSwan version are you using?
Regards
Andreas
On 08.06.2011 09:14, Agrawal Hemant-B10814 wrote:
> Hi,
>
> While trying to use strongswan for net-net scenario, I
> am facing following error:
>
> [root at P1024RDB /root]# ipsec up net-net
>
> initiating IKE_SA net-net[2] to 200.200.200.20
>
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
> ]
>
> sending packet: from 200.200.200.10[500] to 200.200.200.20[500]
>
> received packet: from 200.200.200.20[500] to 200.200.200.10[500]
>
> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
> CERTREQ N(MULT_AUTH) ]
>
> received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
>
> sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
>
> authentication of '200.200.200.10' (myself) with pre-shared key
>
> establishing CHILD_SA net-net
>
> *unable to allocate SPIs from kernel*
>
> * *
>
> I have compiled all the modules, which was suggested in
>
> /http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules/
>
> / /
>
> I am still facing the problem.
>
> My ipsec.conf is as follows:
>
> / /
>
> /# /etc/ipsec.conf - strongSwan IPsec configuration file/
>
> / /
>
> /config setup/
>
> / charondebug="chd 4, knl 4"/
>
> / crlcheckinterval=180/
>
> / strictcrlpolicy=no/
>
> / plutostart=no/
>
> / /
>
> /conn %default/
>
> / pfs=no/
>
> / ikelifetime=60m/
>
> / keylife=20m/
>
> / rekeymargin=3m/
>
> / keyingtries=1/
>
> / keyexchange=ikev2/
>
> / type=tunnel/
>
> / auth=esp/
>
> / compress=no/
>
> / mobike=no/
>
> / ike=3des-sha1-md5-modp1024!/
>
> / esp=aes128-3des-sha1-md5!/
>
> /conn net-net/
>
> / authby=secret/
>
> / left=200.200.200.10/
>
> / leftsubnet=192.168.1.0/24/
>
> / leftfirewall=yes/
>
> / right=200.200.200.20/
>
> / rightsubnet=192.168.2.0/24/
>
> / auto=add/
>
> Please help
>
> Regards,
>
> Hemant
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
More information about the Users
mailing list