[strongSwan] [ Strongwswan ]:Received netlink error: Invalid argument (22) in IKEv1 for IPv6

pradeep p doors.pradeep at gmail.com
Tue Dec 11 08:11:33 CET 2012 

Hi,
  We are trying to establish a site-site tunnel with Strongswan using IKEV1
in IPv6, but we are getting the below error messages.
Please provide your views on this.


Error messages
:
_________________

11 12:30:57 localhost pluto[8351]: | route owner of "fqdn_vr"[1]
2001:1234::4 unrouted: NULL; eroute owner: NULL
Dec 11 12:30:57 localhost pluto[8351]: | kernel_alg_esp_info():transid=3,
auth=2, ei=0x80b6b48, enckeylen=24, authkeylen=20, encryptalg=3, authalg=3
Dec 11 12:30:57 localhost pluto[8351]: | adding SAD entry with SPI ccc9281d
and reqid {16388}
Dec 11 12:30:57 localhost pluto[8351]: |   using encryption algorithm
3DES_CBC with key size 192
Dec 11 12:30:57 localhost pluto[8351]: |   using integrity algorithm
HMAC_SHA1_96 with key size 160
Dec 11 12:30:57 localhost pluto[8351]: | sending XFRM_MSG_UPDSA: => 452
bytes @ 0xbff5ded8
Dec 11 12:30:57 localhost pluto[8351]: |    0: C4 01 00 00 1A 00 05 00 CA
00 00 00 9F 20 00 00  ............. ..
Dec 11 12:30:57 localhost pluto[8351]: |   16: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |   32: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |   48: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |   64: 00 00 00 00 00 00 00 00 20
01 12 34 00 00 00 00  ........ ..4....
Dec 11 12:30:57 localhost pluto[8351]: |   80: 00 00 00 00 00 00 00 05 CC
C9 28 1D 32 00 00 00  ..........(.2...
Dec 11 12:30:57 localhost pluto[8351]: |   96: 20 01 12 34 00 00 00 00 00
00 00 00 00 00 00 04   ..4............
Dec 11 12:30:57 localhost pluto[8351]: |  112: FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF  ................
Dec 11 12:30:57 localhost pluto[8351]: |  128: FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF  ................
Dec 11 12:30:57 localhost pluto[8351]: |  144: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  160: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  176: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  192: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  208: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  224: 04 40 00 00 0A 00 00 20 00
00 00 00 60 00 02 00  . at ..... ....`...
Dec 11 12:30:57 localhost pluto[8351]: |  240: 64 65 73 33 5F 65 64 65 00
00 00 00 00 00 00 00  des3_ede........
Dec 11 12:30:57 localhost pluto[8351]: |  256: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  272: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  288: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  304: C0 00 00 00 F1 49 AF 9F 68
E2 91 6A CD 81 9C 7B  .....I..h..j...{
Dec 11 12:30:57 localhost pluto[8351]: |  320: A9 97 7C 33 82 5E A7 32 FD
FA D2 78 5C 00 01 00  ..|3.^.2...x\...
Dec 11 12:30:57 localhost pluto[8351]: |  336: 73 68 61 31 00 00 00 00 00
00 00 00 00 00 00 00  sha1............
Dec 11 12:30:57 localhost pluto[8351]: |  352: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  368: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  384: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  400: A0 00 00 00 F0 24 25 B4 CA
F7 7C FE 3D 7C B9 3D  .....$%...|.=|.=
Dec 11 12:30:57 localhost pluto[8351]: |  416: 36 BF C3 F0 EA AE 2B 35 1C
00 04 00 02 00 01 F4  6.....+5........
Dec 11 12:30:57 localhost pluto[8351]: |  432: 01 F4 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Dec 11 12:30:57 localhost pluto[8351]: |  448: 00 00 00
00                                      ....
Dec 11 12:30:57 localhost pluto[8351]: received netlink error: Invalid
argument (22)
Dec 11 12:30:57 localhost pluto[8351]: unable to add SAD entry with SPI
ccc9281d
Dec 11 12:30:57 localhost pluto[8351]: | state transition function for
STATE_QUICK_R0 had internal error
Dec 11 12:30:57 localhost pluto[8351]: | next event EVENT_SO_DISCARD in 0
seconds for #2
Dec 11 12:30:57 localhost pluto[8351]: |
Dec 11 12:30:57 localhost pluto[8351]: | *time to handle event
Dec 11 12:30:57 localhost pluto[8351]: | event after this is
EVENT_NAT_T_KEEPALIVE in 17 seconds
Dec 11 12:30:57 localhost pluto[8351]: | ICOOKIE:  74 73 4b 7e  28 72 8d bf
Dec 11 12:30:57 localhost pluto[8351]: | RCOOKIE:  f2 49 84 f1  aa 34 aa b6
Dec 11 12:30:57 localhost pluto[8351]: | peer:  20 01 12 34  00 00 00 00
00 00 00 00  00 00 00 04
Dec 11 12:30:57 localhost pluto[8351]: | state hash entry 19
Dec 11 12:30:57 localhost pluto[8351]: | next event EVENT_NAT_T_KEEPALIVE
in 17 seconds


Configurations:
___________
ipsec.conf

ca vpnca
         cacert=CA_Cert.crt
         auto=add

config setup
          plutodebug=all
          charonstart=yes
          charondebug="ike 4, mgr 4, chd 4, net 4"
          nat_traversal=yes
          crlcheckinterval=10m
          strictcrlpolicy=no

conn %default
        ikelifetime=8h
        lifetime = 8h
        rekeyfuzz = 100%
        keyingtries=1

conn fqdn_vr
    type=transport
    keyexchange=ikev1
    ike=aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1536
    pfs=no
    esp=aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1536
    left=2001:1234::5
    leftcert=strongswan_cert.crt
    leftid="C=IN, O=cass, OU=ac, CN=peer"
    rightid="C=IN, O=cass, OU=ca, CN=dut"
    right=%any
    rekey=no
    auto=add

ipsec.secrets
____________
: RSA strongwan_key.key

I have attached detailed logs for your reference

-- 
Regards,
*PRADEEP*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121211/cce21a07/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log
Type: application/octet-stream
Size: 127727 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121211/cce21a07/attachment.obj>

More information about the Users mailing list