[strongSwan] Fwd: [ Strongwswan ]:Received netlink error: Invalid argument (22) in IKEv1 for IPv6

SaRaVanAn saravanan.nagarajan87 at gmail.com
Fri Dec 14 07:40:40 CET 2012 

Hi,
  I m also facing same kind of issue.
What could be the reason for kernel Netlink errors?.
I guess there is some problem in the parameters passed to the
kernel by strongswan user space daemon.

Regards,
Saravanan N

On Tue, Dec 11, 2012 at 12:46 PM, pradeep p <doors.pradeep at gmail.com> wrote:

>
>
>
> Hi,
>   We are trying to establish a site-site tunnel with Strongswan using
> IKEV1 in IPv6, but we are getting the below error messages.
> Please provide your views on this.
>
>
> Error messages
> :
> _________________
>
> 11 12:30:57 localhost pluto[8351]: | route owner of "fqdn_vr"[1]
> 2001:1234::4 unrouted: NULL; eroute owner: NULL
> Dec 11 12:30:57 localhost pluto[8351]: | kernel_alg_esp_info():transid=3,
> auth=2, ei=0x80b6b48, enckeylen=24, authkeylen=20, encryptalg=3, authalg=3
> Dec 11 12:30:57 localhost pluto[8351]: | adding SAD entry with SPI
> ccc9281d and reqid {16388}
> Dec 11 12:30:57 localhost pluto[8351]: |   using encryption algorithm
> 3DES_CBC with key size 192
> Dec 11 12:30:57 localhost pluto[8351]: |   using integrity algorithm
> HMAC_SHA1_96 with key size 160
> Dec 11 12:30:57 localhost pluto[8351]: | sending XFRM_MSG_UPDSA: => 452
> bytes @ 0xbff5ded8
> Dec 11 12:30:57 localhost pluto[8351]: |    0: C4 01 00 00 1A 00 05 00 CA
> 00 00 00 9F 20 00 00  ............. ..
> Dec 11 12:30:57 localhost pluto[8351]: |   16: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |   32: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |   48: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |   64: 00 00 00 00 00 00 00 00 20
> 01 12 34 00 00 00 00  ........ ..4....
> Dec 11 12:30:57 localhost pluto[8351]: |   80: 00 00 00 00 00 00 00 05 CC
> C9 28 1D 32 00 00 00  ..........(.2...
> Dec 11 12:30:57 localhost pluto[8351]: |   96: 20 01 12 34 00 00 00 00 00
> 00 00 00 00 00 00 04   ..4............
> Dec 11 12:30:57 localhost pluto[8351]: |  112: FF FF FF FF FF FF FF FF FF
> FF FF FF FF FF FF FF  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  128: FF FF FF FF FF FF FF FF FF
> FF FF FF FF FF FF FF  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  144: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  160: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  176: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  192: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  208: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  224: 04 40 00 00 0A 00 00 20 00
> 00 00 00 60 00 02 00  . at ..... ....`...
> Dec 11 12:30:57 localhost pluto[8351]: |  240: 64 65 73 33 5F 65 64 65 00
> 00 00 00 00 00 00 00  des3_ede........
> Dec 11 12:30:57 localhost pluto[8351]: |  256: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  272: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  288: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  304: C0 00 00 00 F1 49 AF 9F 68
> E2 91 6A CD 81 9C 7B  .....I..h..j...{
> Dec 11 12:30:57 localhost pluto[8351]: |  320: A9 97 7C 33 82 5E A7 32 FD
> FA D2 78 5C 00 01 00  ..|3.^.2...x\...
> Dec 11 12:30:57 localhost pluto[8351]: |  336: 73 68 61 31 00 00 00 00 00
> 00 00 00 00 00 00 00  sha1............
> Dec 11 12:30:57 localhost pluto[8351]: |  352: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  368: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  384: 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  400: A0 00 00 00 F0 24 25 B4 CA
> F7 7C FE 3D 7C B9 3D  .....$%...|.=|.=
> Dec 11 12:30:57 localhost pluto[8351]: |  416: 36 BF C3 F0 EA AE 2B 35 1C
> 00 04 00 02 00 01 F4  6.....+5........
> Dec 11 12:30:57 localhost pluto[8351]: |  432: 01 F4 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00  ................
> Dec 11 12:30:57 localhost pluto[8351]: |  448: 00 00 00
> 00                                      ....
> Dec 11 12:30:57 localhost pluto[8351]: received netlink error: Invalid
> argument (22)
> Dec 11 12:30:57 localhost pluto[8351]: unable to add SAD entry with SPI
> ccc9281d
> Dec 11 12:30:57 localhost pluto[8351]: | state transition function for
> STATE_QUICK_R0 had internal error
> Dec 11 12:30:57 localhost pluto[8351]: | next event EVENT_SO_DISCARD in 0
> seconds for #2
> Dec 11 12:30:57 localhost pluto[8351]: |
> Dec 11 12:30:57 localhost pluto[8351]: | *time to handle event
> Dec 11 12:30:57 localhost pluto[8351]: | event after this is
> EVENT_NAT_T_KEEPALIVE in 17 seconds
> Dec 11 12:30:57 localhost pluto[8351]: | ICOOKIE:  74 73 4b 7e  28 72 8d bf
> Dec 11 12:30:57 localhost pluto[8351]: | RCOOKIE:  f2 49 84 f1  aa 34 aa b6
> Dec 11 12:30:57 localhost pluto[8351]: | peer:  20 01 12 34  00 00 00 00
> 00 00 00 00  00 00 00 04
> Dec 11 12:30:57 localhost pluto[8351]: | state hash entry 19
> Dec 11 12:30:57 localhost pluto[8351]: | next event EVENT_NAT_T_KEEPALIVE
> in 17 seconds
>
>
> Configurations:
> ___________
> ipsec.conf
>
> ca vpnca
>          cacert=CA_Cert.crt
>          auto=add
>
> config setup
>           plutodebug=all
>           charonstart=yes
>           charondebug="ike 4, mgr 4, chd 4, net 4"
>           nat_traversal=yes
>           crlcheckinterval=10m
>           strictcrlpolicy=no
>
> conn %default
>         ikelifetime=8h
>         lifetime = 8h
>         rekeyfuzz = 100%
>         keyingtries=1
>
> conn fqdn_vr
>     type=transport
>     keyexchange=ikev1
>     ike=aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1536
>     pfs=no
>     esp=aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1536
>     left=2001:1234::5
>     leftcert=strongswan_cert.crt
>     leftid="C=IN, O=cass, OU=ac, CN=peer"
>     rightid="C=IN, O=cass, OU=ca, CN=dut"
>     right=%any
>     rekey=no
>     auto=add
>
> ipsec.secrets
> ____________
> : RSA strongwan_key.key
>
> Regards,
> *PRADEEP*
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121214/0f6e1108/attachment.html>

More information about the Users mailing list