[strongSwan] 5.0.1 unable to set UDP_ENCAP: Protocol not available
Nan Luo
harvana2000 at yahoo.com
Fri Dec 7 20:22:31 CET 2012
Hello, all
I was trying to setup a IPv6 tunnel with strongSwan as the client. strongSwan sent the IKE_SA_INIT to my SGW and the SGW properly responded. Wireshark capture indicated that the IKE_SA_INIT response was received on the network interface that strongSwan was listening on, however the packet (IKE_SA_INIT response) was not handed over to charon, instead the packet was responded with a "ICMPv6 Unreachable (Administratively prohibited)". Any idea that the linux kernel can fail to distribute the packet to charon?
Examing the charon logs, I found the following errors:
"
charon: 00[KNL] unable to set UDP_ENCAP: Protocol not available
charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
"
Do those errors have anything to do with the failure to setup IPv6 tunnels?
I am currently running strongSwan 5.0.1. The IPv6 connection is:
conn ipv6_cert
left=1080::192:160:1:100
leftsourceip=%config
leftcert=ss.cert
leftauth=pubkey
leftsubnet=1080::6:0:0/112
leftfirewall=yes
rightfirewall=yes
right=1080::192:160:1:10
rightsubnet=1080::15:15:15:0/112
rightauth=pubkey
auto=add
esp=aes-sha1-md5-modp1024
ike=3des-aes-sha1-md5-modp1024
-----------------
Thanks for your help
Nan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121207/42533e4f/attachment.html>
More information about the Users
mailing list