[strongSwan] Issues with kernel-libipsec and \32

Tobias Guggemos tobias.guggemos at stud.ifi.lmu.de
Mon Oct 28 16:15:59 CET 2013


Hy,

it seems that we got routing problems.
The client (in user mode) sends the IKE_INIT_SA, this packet is received
by the server which sends the response that is never received.
After starting ipsec, the client isn't reachable and we have no rules
displayed by iptables -L.
route -n is only displaying the default network routes.

The attached configuration files are working with strongswan in kernel
mode on both sides. The modification on client for userland side are:
- adding foreceencaps=yes
- removing auth=esp (because of conflicting version)
Attached please find the charon log files, too.

Regards
Tobias

> Hi Tobias,
>
>> I am working on a research project where we compare performances of a
>> VPN
>> connection with ipsec in kernel space with ipsec in user space.
>
> Just FYI: Such a comparison with kernel-libipsec is probably not that
> meaningful; our libipsec backend is relatively new and didn't yet get
> any performance optimizations. This might have some impact, especially
> with many SAs.
>
>> [wiki.strongswan.org/issues/380] seems to fix that problem. However we
>> still have the same error. We would like to be sure version 5.1.0  got
>> patched.
>
> No, these patches are not part of 5.1.0. Try 5.1.1rc1 [1], it should
> contain all the changes.
>
>> Attached find my configuration files and the charon log.
>
> Seems that they are missing. Anyway, also check that you set the
> appropriate mark options, as seen in the merge commit at [2].
>
> Regards
> Martin
>
> [1]http://download.strongswan.org/strongswan-5.1.1rc1.tar.bz2
> [2]http://git.strongswan.org/?p=strongswan.git;a=commit;h=1ff63f15
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_client.conf
Type: application/octet-stream
Size: 886 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131028/d77d5ed0/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_server.conf
Type: application/octet-stream
Size: 878 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131028/d77d5ed0/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server_charon.log
Type: text/x-log
Size: 4703 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131028/d77d5ed0/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client_charon.log
Type: text/x-log
Size: 86503 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131028/d77d5ed0/attachment-0001.bin>


More information about the Users mailing list