[strongSwan] unable to add SAD entry with SPI
Paresh Sawant
paresh.sawant at gmail.com
Mon Aug 26 19:59:19 CEST 2013
Hi Noel,
I built strongswan 5.1.0 with libipsec, and that fixed the netlink
error. But after the SAa are successfully established, I see
strongswan(as IKEv1/IKEv2 responder) creates ipsec0 TUN interface, and
if I try to access any hosts that belongs to "leftsubnet", the
plaintext packets hit this ipsec0 interface but never make their way
to destination host. I'm using IPv6-in-IPv6 remote access VPN.
Thanks
-Paresh
On Mon, Aug 26, 2013 at 3:52 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello xuxl,
>
> I've seen this behavious on systems virtualized with OpenVZ. On such
> systems, it is not possible to insert xfrm policies into the kernel or
> use netlink's functionality.
> The solution to this problem is compiling with libipsec and loading it
> with the "load" statement in strongswan.conf.
>
> Regards,
> Noel Kuntze
>
> On 26.08.2013 12:48, ??? wrote:
>>
>> Dec 12 01:25:05 freescale daemon.info charon: 01[KNL] received netlink
> error: Function not implemented (38)
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.21 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJSGzOHAAoJEDg5KY9j7GZYhFUP/0DalXH98qyqvHWSANe7B9tF
> 2eT0hEFnoLSBCy2U9mm+DlqUW3TWwkI8DX/cCSsQBDAqir4CK7yPAkkKjzyAZTgB
> I2ijBs7TUXr1lwhZc3eiStjAwZq4//3dTY1m/4pFC/wkcjwvLbuZJv8yMx8kvJIw
> 1Kll8cUHNzxk8sTkMP+spw7HXpP1Rdzr4IpnmTf73D+AI+nFrQCt2qe3ACm2XPn2
> p8r0yNHrPj3oV/ElCaYBUv8Ux93LQ6JzCmv/Fulayrio0ZTk0TiAH46HGRyXetI8
> W/pUgmNFqNnFI+vicWYsn4A0ystunxhOhDBlfxA+josOzUc9FKOy0OQT8xWMNSyy
> nF/65KKrikhveRJoNEpReBpGUUtP4bNWRWqul7YqaE48fhTas2U/eS/7WYQUGmLa
> 8s/7r0Fxx0TEoS3ZfMHSRGWn4udXRbzxpNjMKHZtDTosbd9S/kb3jqKZG9VS0/q4
> KiIQ/9RpyfbbenNT7LOrpKK4rKQtZQeMSlQesSyAyKD9vRmNUDwWFkeyksdWnhV+
> KlzpDHXpkQ1bcZWxae+7QNiwhzNE1/tPUGsSJLos1qO/3u/u5mm2pySt55P/BRA8
> xW4LF5WAnYyiu/QTxnsYKtFRKPPi7JzvIYhzd7EQHM6hZIDiqJ80k1FamF0DimVt
> pUH3XF7nrzziUSfmjSn0
> =/vbu
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list