[strongSwan] IKEv2 - IKE_AUTH request problem

Tobias Brunner tobias at strongswan.org
Wed Feb 15 19:25:54 CET 2012


Hi Gowri,

> 05[CFG] added configuration 'tahi_ikev2_test'
> 10[CFG] stroke message => -2036037751 bytes @ 0xfff80ede300
> 10[CFG] received stroke: route 'tahi_ikev2_test'

I'm unable to reproduce this even by forcing the length to a very large
value.  On what architecture are you running this?

> 10[KNL] adding policy <NUT IP6> === <TN IP6> out
> 10[KNL] sending XFRM_MSG_NEWPOLICY: => 252 bytes @ 0xfff80edda28
> ....
> 10[KNL] unable to add policy <NUT IP6> === <TN IP6> out
> ....
> 10[CFG] installing trap failed
> 
> I am suspecting over stroke message which is shown as negative bytes.

That output there is strange, but it should not lead to the problem seen
above (it even seems that the stroke message was properly received, i.e.
the negative value is just a glitch in the debug output).  The error
"unable to add policy ..." usually means that the policy is already
installed in the kernel (you can check with 'ip xfrm policy').  If
that's the case try to flush them, which actually should automatically
happen with e.g. ipsec stop.

Regards,
Tobias
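
[Added example, not part of the original message or of strongSwan's own code: one way to run the 'ip xfrm policy' check suggested above as a script before routing a connection. The has_policy helper, the sample_policies function and the 2001:db8:: addresses are constructed for illustration.]

```shell
#!/bin/sh
# Constructed sample of `ip xfrm policy` output (documentation addresses,
# not taken from the thread). On a live system, pipe the real command instead.
sample_policies() {
cat <<'EOF'
src 2001:db8:1::/64 dst 2001:db8:2::/64
    dir out priority 1795
    tmpl src 2001:db8:f::1 dst 2001:db8:f::2
        proto esp reqid 1 mode tunnel
src 2001:db8:2::/64 dst 2001:db8:1::/64
    dir in priority 1795
    tmpl src 2001:db8:f::2 dst 2001:db8:f::1
        proto esp reqid 1 mode tunnel
EOF
}

# has_policy SRC DST DIR
# Reads `ip xfrm policy` text on stdin. Returns 0 if a policy with exactly
# this selector and direction is already installed, 1 otherwise.
has_policy() {
    awk -v s="$1" -v d="$2" -v dir="$3" '
        # Selector line: "src <net> dst <net> ..." (tmpl lines start with "tmpl")
        $1 == "src" && $3 == "dst" { sel = ($2 == s && $4 == d); next }
        # The "dir" line that follows belongs to the selector just seen
        $1 == "dir" { if (sel && $2 == dir) found = 1; sel = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# Hypothetical use: refuse to route while a leftover policy is present.
# Live check would be:  ip xfrm policy | has_policy "$SRC" "$DST" out
if sample_policies | has_policy 2001:db8:1::/64 2001:db8:2::/64 out; then
    echo "policy already in kernel: adding it again will fail"
    # Cleanup options: 'ipsec stop' (flushes automatically, per the message
    # above) or 'ip xfrm policy flush'. The flush removes ALL policies,
    # including those protecting currently established tunnels.
else
    echo "no conflicting policy found"
fi
```
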



