[strongSwan] 5.0.1rc1 and FreeBSD
David Shane Holden
dpejesh at yahoo.com
Thu Sep 27 03:01:18 CEST 2012
After testing 5.0.1rc1 on FreeBSD a bit, I've run into a few problems.
The first was some simple compile errors which I think I fixed in the
attached patch. But there's clearly a deeper problem that I haven't
found yet. On startup I get the following messages:
00[DMN] Starting IKE charon daemon (strongSwan 5.0.1rc1, FreeBSD 9.0-RELEASE-p4, amd64)
00[KNL] unable to set UDP_ENCAP: Invalid argument
00[NET] enabling UDP decapsulation failed
When I try to bring up a tunnel with "knl 4, net 4" debugging enabled I
get the following:
03[NET] received packet => 832 bytes @ 0x7fffff7f93b0
03[NET] 0: 75 74 B5 37 1A 61 79 52 00 00 00 00 00 00 00 00  ut.7.ayR........
...
03[NET] 816: 3D A7 76 23 27 9F C4 C4 21 2F 7E B7 A1 F7 5A 19  =.v#'...!/~...Z
03[NET] received packet: from 192.168.1.201[500] to 192.168.1.1[500]
03[KNL] 192.168.1.1 is not a local address or the interface is down
03[NET] received packet from 192.168.1.201[500] to 192.168.1.1[500] on ignored interface
03[NET] waiting for data on sockets
So I'm thinking there's a bug in the pfkey/pfroute changes lately
related to interfaces and addresses. I'll continue to try to work my
way through the code but hopefully someone who's more familiar with it
might spot exactly where the problem is quicker than it would take me to
learn the code. Below is my config which doesn't exhibit these problems
with 5.0.0.
ipsec.conf
---
config setup

conn %default
    ikelifetime=60m
    keyingtries=1
    keylife=20m
    rekeymargin=3m

conn myconn
    auto=add
    keyexchange=ikev2
    left=%any
    leftauth=pubkey-sha1-sha256
    leftcert=mycert.pem
    leftsubnet=192.168.1.0/24
    right=%any
    rightauth=pubkey-sha1-sha256
    rightid=%any
    rightsourceip=192.168.2.0/24
    type=tunnel
---
I still get the same error as above when I set 'left=192.168.1.1'.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120926/4352340b/attachment.txt>