[strongSwan] received netlink error: Protocol not supported (93) with strongswan-5.0.1 on Linux kenerl 2.6.34
Robert Lee
rleeatgm at gmail.com
Wed Oct 17 09:08:12 CEST 2012
Hi,
I am seeing CHILD_SA failure in the IPv6 case (strongswan-5.0.1, Linux
kenerl 2.6.34) due to received netlink error: Protocol not supported (93).
I have included the log below.
I have searched the old threads and found [1] which suggests something
related to the IPComp. I have never turned this option on, but I then turn
it off anyway in the ipsec.conf. This does not help.
I then found another thread [2] and [3] which talked about enabling IPv6 on
the linux. My linux box has already enabled the IPv6 and is receiving and
sending IKEv2 messages through its IPv6 interface: eth0 (please see the log
below).
Is there still something missing in my kernel which I need to build in or
turn on?
Thank you!
Robert
email threads:
[1]: http://wiki.strongswan.org/issues/183
[2]: https://lists.strongswan.org/pipermail/users/2008-November/002915.html
[3]: https://lists.strongswan.org/pipermail/users/2008-October/002782.html
server log:
charon: 00[KNL] detected Linux 2.6.34, no support for RTA_PREFSRC for IPv6
routes <--- not sure if this is also an error?
........
charon: 13[NET] received packet: from
2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500] to
2002:c023:9c17:2c0::a2a:7064[4500]
charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH
CP(ADDR6 DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH)
N(EAP_ONLY) ]
........
charon: 13[KNL] adding SAD entry with SPI c9e5baf2 and reqid {1} (mark
0/0x00000000)
charon: 13[KNL] using encryption algorithm AES_CBC with key size 128
charon: 13[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
charon: 13[KNL] using replay window of 32 packets
charon: 13[KNL] received netlink error: Protocol not supported (93)
charon: 13[KNL] unable to add SAD entry with SPI c9e5baf2
charon: 13[KNL] adding SAD entry with SPI c85caae7 and reqid {1} (mark
0/0x00000000)
charon: 13[KNL] using encryption algorithm AES_CBC with key size 128
charon: 13[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
charon: 13[KNL] using replay window of 32 packets
charon: 13[KNL] received netlink error: Protocol not supported (93)
charon: 13[KNL] unable to add SAD entry with SPI c85caae7
charon: 13[IKE] unable to install inbound and outbound IPsec SA (SAD) in
kernel
charon: 13[IKE] failed to establish CHILD_SA, keeping IKE_SA
charon: 13[KNL] deleting SAD entry with SPI c9e5baf2 (mark 0/0x00000000)
charon: 13[KNL] deleted SAD entry with SPI c9e5baf2 (mark 0/0x00000000)
charon: 13[KNL] deleting SAD entry with SPI c85caae7 (mark 0/0x00000000)
charon: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH CP(ADDR6 DNS DNS6
DHCP DHCP6) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR)
N(ADD_6_ADDR) N(NO_PROP) ]
charon: 13[NET] sending packet: from 2002:c023:9c17:2c0::a2a:7064[4500] to
2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121017/3b1334e8/attachment.html>
More information about the Users
mailing list