[strongSwan] kernel upgrades

Tobias Brunner tobias at strongswan.org
Wed Feb 8 18:02:05 CET 2012


Hi Alexandre,

> When running strongswan with the 3.2 kernel here is what i find in the logs:
> 
> Feb  8 16:56:11 shire charon: 16[KNL] unable to add policy 172.17.2.0/24 
> === 172.20.0.0/23 out
> Feb  8 16:56:11 shire charon: 16[KNL] unable to add policy 172.20.0.0/23 
> === 172.17.2.0/24 in
> Feb  8 16:56:11 shire charon: 16[KNL] unable to add policy 172.20.0.0/23 
> === 172.17.2.0/24 fwd
> Feb  8 16:56:11 shire charon: 16[IKE] unable to install IPsec policies 
> (SPD) in kernel
> 
> If i check ip xfrm policy I indeed note that the policy vanished, 
> whereas the tunnel seems still up

Yes, the errors above are currently ignored by the daemon.  They are
usually seen if the policies are already installed in the kernel (e.g.
because the daemon previously crashed and the policies were not flushed
before it got restarted).
If anything else were the reason for them you would see additional error
messages like "received netlink error: ..." in the log.
But since you say you don't see the policies listed in "ip xfrm policy"
this seems a bit strange...

Not sure what happened here but recent versions of strongSwan should run
fine on 3.2 kernels, as can be seen by the latest results of our test
suite [1], which Andreas recently ran with a 3.2.4 kernel against the
4.6.2 release candidate (if that's also true for 4.4.1, I don't know).

Regards,
Tobias

[1] http://www.strongswan.org/uml-testresults4rc.html




More information about the Users mailing list