[strongSwan] strongSwan on Maemo (Nokia N900)
winterer at informatik.uni-freiburg.de
Fri Sep 2 12:43:21 CEST 2011
>>>> [IKE] unable to allocate SPIs from kernel
>>> Unfortunately, the stock N900 kernel does not support the required IPsec
>>> modules. You'll have to install the "kernel-power"  package. It seems
>>> that such a hint is missing on our wiki page, I'll fix that.
>> Hm, that's strange since the Maemo strongswan package actually has a
>> dependency on kernel-power (>= 2.6.28-maemo42). Peter, did you restart
>> your device after installing the packages?
> That's it, installing the "kernel-power"  package, solves the issue
> with "unable to allocate SPIs from kernel" on the device.
Although, I'm able to establish vpn-connection with "EAP NetworkManager
Client", I'm not able to connect with my N900 Device to our strongSwan
gateway. Something seems to be wrong with the gateway peer config. Both
clients(n900 and EAP NM) are configured with the "gateway-certificate".
The "Subject Alternative Name" of the gateway-certificate is
"email:root at vpn.server.de"
here is the gateway peer-config:
here is the gateway-log, when I try to connect with the n900 device:
08[NET] received packet: from 10.205.1.129 to 10.1.0.2
08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CP(ADDR DNS)
SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
[CFG] looking for peer configs matching
10.1.0.2[vpn.server.de]...10.205.1.129[wipe at mopo]
08[CFG] no matching peer config found
08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
here the gateway-log, when I connect with "EAP NetworkManager" Client:
04[CFG] looking for peer configs matching 10.1.0.2[C=DE, O=MoPo WLAN Uni
Freiburg, CN=vpn.server.de]...10.205.1.1[wipe at mopo]
04[CFG] candidate "eap-intern", match: 20/1/5 (me/other/ike)
04[CFG] selected peer config 'mopo-eap-intern'
04[IKE] initiating EAP-Identity request
04[IKE] authentication of 'C=DE, O=MoPo WLAN Uni Freiburg,
CN=vpn.server.de' (myself) with RSA signature successful
04[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
14[IKE] received EAP identity 'wipe at mopo'
14[IKE] initiating EAP_RADIUS method
14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
08[IKE] authentication of 'wipe at mopo' with EAP successful
Maybe this issue deals with the "SubjectAltName", configured in the
Thanks for any help!
More information about the Users