[strongSwan] received netlink error: Protocol not supported (93) with strongswan-5.0.1 on Linux kenerl 2.6.34

Robert Lee rleeatgm at gmail.com
Wed Oct 17 09:08:12 CEST 2012 

Hi,

I am seeing CHILD_SA failure in the IPv6 case (strongswan-5.0.1, Linux
kenerl 2.6.34) due to received netlink error: Protocol not supported (93).
I have included the log below.
I have searched the old threads and found [1] which suggests something
related to the IPComp. I have never turned this option on, but I then turn
it off anyway in the ipsec.conf. This does not help.
I then found another thread [2] and [3] which talked about enabling IPv6 on
the linux. My linux box has already enabled the IPv6 and is receiving and
sending IKEv2 messages through its IPv6 interface: eth0 (please see the log
below).

Is there still something missing in my kernel which I need to build in or
turn on?
Thank you!

Robert

email threads:
[1]: http://wiki.strongswan.org/issues/183
[2]: https://lists.strongswan.org/pipermail/users/2008-November/002915.html
[3]: https://lists.strongswan.org/pipermail/users/2008-October/002782.html


server log:
charon: 00[KNL] detected Linux 2.6.34, no support for RTA_PREFSRC for IPv6
routes  <--- not sure if this is also an error?
........
charon: 13[NET] received packet: from
2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500] to
2002:c023:9c17:2c0::a2a:7064[4500]
charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH
CP(ADDR6 DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH)
N(EAP_ONLY) ]
........
charon: 13[KNL] adding SAD entry with SPI c9e5baf2 and reqid {1}  (mark
0/0x00000000)
charon: 13[KNL]   using encryption algorithm AES_CBC with key size 128
charon: 13[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
charon: 13[KNL]   using replay window of 32 packets
charon: 13[KNL] received netlink error: Protocol not supported (93)
charon: 13[KNL] unable to add SAD entry with SPI c9e5baf2
charon: 13[KNL] adding SAD entry with SPI c85caae7 and reqid {1}  (mark
0/0x00000000)
charon: 13[KNL]   using encryption algorithm AES_CBC with key size 128
charon: 13[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
charon: 13[KNL]   using replay window of 32 packets
charon: 13[KNL] received netlink error: Protocol not supported (93)
charon: 13[KNL] unable to add SAD entry with SPI c85caae7
charon: 13[IKE] unable to install inbound and outbound IPsec SA (SAD) in
kernel
charon: 13[IKE] failed to establish CHILD_SA, keeping IKE_SA
charon: 13[KNL] deleting SAD entry with SPI c9e5baf2  (mark 0/0x00000000)
charon: 13[KNL] deleted SAD entry with SPI c9e5baf2 (mark 0/0x00000000)
charon: 13[KNL] deleting SAD entry with SPI c85caae7  (mark 0/0x00000000)
charon: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH CP(ADDR6 DNS DNS6
DHCP DHCP6) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR)
N(ADD_6_ADDR) N(NO_PROP) ]
charon: 13[NET] sending packet: from 2002:c023:9c17:2c0::a2a:7064[4500] to
2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121017/3b1334e8/attachment.html>

More information about the Users mailing list