[strongSwan] trap not found, unable to acquire reqid

Martin Willi martin at strongswan.org
Thu Dec 4 10:19:51 CET 2014


Hi,

> I am facing an issue with charon (strongSwan 4.4.0) that, if SA
> entries are flushed from responder side, further initiation of tunnel
> from responder is not feasible.

> NODE-B# ip xfrm state flush

> 14[CFG] trap not found, unable to acquire reqid 2

You can't just flush the kernel SA states. strongSwan manages these with
associated state in userland, and just deleting them in the kernel
brings that state out of sync. Use strongSwan to delete SAs, for example
with "ipsec down".

Further, 4.4.0 is now more than four years old. There have been many
changes and improvements in the trap policy handling, and you definitely
should consider upgrading to a recent version.

Regards
Martin



More information about the Users mailing list