[strongSwan] Strongswan on android gingerbread
Federico.Mancini at ffi.no
Federico.Mancini at ffi.no
Wed Oct 26 15:38:57 CEST 2011
HI again,
good news, charon is up and running and I am 90% on the way to manage a connection!
So, I set up strong swan both on the emulator and a linux machine (gateway). The certificate is ok on the gateway and the IKEv2
protocol goes fine all the way until the android emulator gets a virtual IP assigned by the gateway.
And here is when I get this error:
I/charon ( 513): 10[IKE] installing new virtual IP 10.3.0.6
I/charon ( 513): 10[KNL] received netlink error: Function not implemented (38)
I/charon ( 513): 10[KNL] unable to add SAD entry with SPI c5ff9236
I/charon ( 513): 10[KNL] received netlink error: Function not implemented (38)
I/charon ( 513): 10[KNL] unable to add SAD entry with SPI c9901947
I/charon ( 513): 10[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
I/charon ( 513): 10[CFG] status of Android plugin changed: 101
I/charon ( 513): 10[KNL] received netlink error: No such process (3)
I/charon ( 513): 10[KNL] unable to delete SAD entry with SPI c9901947
I/charon ( 513): 10[IKE] received AUTH_LIFETIME of 3372s, scheduling reauthentication in 2772s
I/charon ( 513): 10[IKE] peer supports MOBIKE
I found an identical issue on the mailing list from 2009 with title: Kernel NETKEY issue with charon
Here the solution was to patch the xfrm_algo.c file in the kernel, but I am using a newer version of the kernel (goldfish 2.6.29)
which seems to have that file already patched.
Function not implemented seems to be a very general error. I double checked that I have enabled all the required modules in the kernel (since once before I got
errors due to having forgotten to enable CONFIG_NET_KEY...).
What else could it be? (just as a note I have note enabled anything extra with the cryptographic API modules. )
Federico
-----Opprinnelig melding-----
Fra: users-bounces+sibxol=btconnect.com at lists.strongswan.org på vegne av Tobias Brunner
Sendt: fr 21.10.2011 16:53
Til: Mancini, Federico
Kopi: users at lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
> But what about just copying the android.mk file from the source tree
> inside the folder I get from extracting the
> strongswan-4.2.9-stable-4853.tar.bz2 file instead? Would that work?
No, not really. There were quite a lot changes needed to make
strongSwan run on Android. Now, strongSwan 4.2.9 is nearly three years
old and building strongSwan with Android.mk has not been supported until
4.4.0, which we released about 1.5 years ago. Is there any reason you
want to use 4.2.9 specifically and not a current version? Also, there
have been several Android-specific changes in the last few weeks so I'd
actually recommend you use 4.6.0 which we intend to release in a few
weeks (i.e. use the current master branch via git for now).
Regards,
Tobias
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111026/f7d4f9a0/attachment.html>
More information about the Users
mailing list