[strongSwan] Netlink error deleting CHILD SA

Paresh Sawant paresh.sawant at gmail.com
Fri Aug 23 03:27:32 CEST 2013


Hi,

I'm running strongSwan 5.1.0 as a responder against a remote access VPN
client. The IKEv1 connection is done successfully along with Child SA
establishment, but right after that strongSwan sends a DELETE
Informational message for the ESP CHILD_SA to the client.

Below are the logs that I see -

Aug 22 18:07:50 13[IKE] assigning virtual IP 2001:470:8254:ff32::1 to
peer 'test at test.com'
Aug 22 18:07:50 13[ENC] generating TRANSACTION response 2756433455 [ HASH CP ]
Aug 22 18:07:50 13[NET] sending packet: from
2001:470:8254:38:250:56ff:fea3:6695[4500] to
2600:1010:b012:a4e5:d1b3:d746:e0bb:188c[34498] (100 bytes)
Aug 22 18:07:50 14[NET] received packet: from
2600:1010:b012:a4e5:d1b3:d746:e0bb:188c[34498] to
2001:470:8254:38:250:56ff:fea3:6695[4500] (3636 bytes)
Aug 22 18:07:50 14[ENC] parsed QUICK_MODE request 4157979527 [ HASH SA
No ID ID ]
Aug 22 18:07:50 14[IKE] received 28800s lifetime, configured 2700s
Aug 22 18:07:50 14[ENC] generating QUICK_MODE response 4157979527 [
HASH SA No ID ID ]
Aug 22 18:07:50 14[NET] sending packet: from
2001:470:8254:38:250:56ff:fea3:6695[4500] to
2600:1010:b012:a4e5:d1b3:d746:e0bb:188c[34498] (204 bytes)
Aug 22 18:07:50 16[NET] received packet: from
2600:1010:b012:a4e5:d1b3:d746:e0bb:188c[34498] to
2001:470:8254:38:250:56ff:fea3:6695[4500] (52 bytes)
Aug 22 18:07:50 16[ENC] parsed QUICK_MODE request 4157979527 [ HASH ]
Aug 22 18:07:50 16[KNL] received netlink error: Invalid argument (22)
Aug 22 18:07:50 16[KNL] unable to add SAD entry with SPI c2bac3e5
Aug 22 18:07:50 16[KNL] received netlink error: Invalid argument (22)
Aug 22 18:07:50 16[KNL] unable to add SAD entry with SPI e5fc1db7
Aug 22 18:07:50 16[IKE] unable to install inbound and outbound IPsec
SA (SAD) in kernel
Aug 22 18:07:50 16[IKE] sending DELETE for ESP CHILD_SA with SPI e5fc1db7
Aug 22 18:07:50 16[ENC] generating INFORMATIONAL_V1 request 863297537 [ HASH D ]
Aug 22 18:07:50 16[NET] sending packet: from
2001:470:8254:38:250:56ff:fea3:6695[4500] to
2600:1010:b012:a4e5:d1b3:d746:e0bb:188c[34498] (68 bytes)
Aug 22 18:12:51 16[NET] received packet: from
2600:1010:b012:a4e5:d1b3:d746:e0bb:188c[34498] to
2001:470:8254:38:250:56ff:fea3:6695[4500] (84 bytes)
Aug 22 18:12:51 16[ENC] parsed INFORMATIONAL_V1 request 1053121406 [
HASH N(DPD) ]
Aug 22 18:12:51 16[ENC] generating INFORMATIONAL_V1 request 795067988
[ HASH N(DPD_ACK) ]


I'm running strongSwan on Ubuntu 12.04 LTS 64-bit Linux with kernel
version 3.2.0-39. My ipsec.conf is as below -

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
conn ipv6_ikev1_psk
     left=2001:470:8254:38:250:56ff:fea3:6695
     leftsubnet=::/0
     keyexchange=ikev1
     leftauth=psk
     rightauth=psk
     right=%any
     rightid=test at test.com
     rightsourceip=2001:470:8254:FF32::/97
     leftfirewall=yes
     lefthostaccess=yes
     auto=add
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Thanks
-Paresh
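
For triaging a log like the one above, the following is an added example (not part of the original post and not strongSwan code) that rejoins the mail-wrapped log lines and pairs each netlink error with the SPI that failed to install and any DELETE sent afterwards. The sample lines are copied from the post; the function names are hypothetical.

```python
import re

# Sample lines copied from the log in the post, including the e-mail line wrapping.
SAMPLE = """\
Aug 22 18:07:50 16[ENC] parsed QUICK_MODE request 4157979527 [ HASH ]
Aug 22 18:07:50 16[KNL] received netlink error: Invalid argument (22)
Aug 22 18:07:50 16[KNL] unable to add SAD entry with SPI c2bac3e5
Aug 22 18:07:50 16[KNL] received netlink error: Invalid argument (22)
Aug 22 18:07:50 16[KNL] unable to add SAD entry with SPI e5fc1db7
Aug 22 18:07:50 16[IKE] unable to install inbound and outbound IPsec
SA (SAD) in kernel
Aug 22 18:07:50 16[IKE] sending DELETE for ESP CHILD_SA with SPI e5fc1db7
"""

# timestamp, worker thread number, subsystem tag, message
ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\d+)\[(\w+)\] (.*)$")

def unwrap(text):
    """Join continuation lines (no timestamp prefix) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries and line.strip():
            entries[-1][3] += " " + line.strip()
    return entries

def sad_failures(text):
    """Map each SPI that failed SAD install to its netlink error and DELETE status."""
    pending, report = {}, {}
    for ts, thread, subsys, msg in unwrap(text):
        if subsys == "KNL" and (m := re.match(r"received netlink error: (.+) \((\d+)\)", msg)):
            pending[thread] = (m.group(1), int(m.group(2)))  # remember per thread
        elif subsys == "KNL" and (m := re.match(r"unable to add SAD entry with SPI (\w+)", msg)):
            err = pending.pop(thread, (None, None))
            report[m.group(1)] = {"time": ts, "error": err[0], "errno": err[1], "deleted": False}
        elif subsys == "IKE" and (m := re.match(r"sending DELETE for ESP CHILD_SA with SPI (\w+)", msg)):
            if m.group(1) in report:
                report[m.group(1)]["deleted"] = True
    return report

if __name__ == "__main__":
    for spi, info in sad_failures(SAMPLE).items():
        print(spi, info)
```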



