[strongSwan] trap not found, unable to acquire reqid

divya mohan m.divya.mohan at zoho.com
Thu Dec 4 10:47:11 CET 2014


Hi Martin,

>> Use strongSwan to delete SAs, for example with "ipsec down".

I tried this, but I still get the same error.

On Responder side:

#ip xfrm state
src 20.0.0.2 dst 20.0.0.1
        proto esp spi 0xcc96b35b reqid 2 mode tunnel
        replay-window 64 flag af-unspec
        auth-trunc hmac(md5) 0x804b51d4ef9cfe05bc728b733b836a15 96
        enc cbc(des3_ede) 0xbf5e8bc896872602f6ee8d6310001d73cfce9ef03d759cdc
src 20.0.0.1 dst 20.0.0.2
        proto esp spi 0xc86f7c5b reqid 2 mode tunnel
        replay-window 64 flag af-unspec
        auth-trunc hmac(md5) 0x5f4edf4fcac090ac6af5b9f2091f0597 96
        enc cbc(des3_ede) 0x5259ec237e814621ee99371f61085bc986bc0899a574673d

#ipsec down r1~v1
09[CFG] received stroke: terminate 'r1~v1'
14[IKE] deleting IKE_SA r1~v1[1] between 20.0.0.2[20.0.0.2]...20.0.0.1[20.0.0.1]
14[IKE] sending DELETE for IKE_SA r1~v1[1]
deleting IKE_SA r1~v1[1] between 20.0.0.2[20.0.0.2]...20.0.0.1[20.0.0.1]
sending DELETE for IKE_SA r1~v1[1]
generating INFORMATIONAL request 0 [ D ]
sending packet: from 20.0.0.2[500] to 20.0.0.1[500]
15[IKE] IKE_SA deleted
received packet: from 20.0.0.1[500] to 20.0.0.2[500]
parsed INFORMATIONAL response 0 [ ]
IKE_SA deleted


#ip xfrm state
#ip xfrm policy
src 20.0.0.0/24 dst 20.0.0.0/24 proto icmp
        dir fwd priority 1758
        tmpl src 20.0.0.1 dst 20.0.0.2
                proto esp reqid 2 mode tunnel
src 20.0.0.0/24 dst 20.0.0.0/24 proto icmp
        dir in priority 1758
        tmpl src 20.0.0.1 dst 20.0.0.2
                proto esp reqid 2 mode tunnel
src 20.0.0.0/24 dst 20.0.0.0/24 proto icmp
        dir out priority 1758
        tmpl src 20.0.0.2 dst 20.0.0.1
                proto esp reqid 2 mode tunnel

#ping 20.0.0.1
PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data.
06[CFG] trap not found, unable to acquire reqid 2
^C
--- 20.0.0.1 ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 10999ms


>> There have been many changes and improvements in the trap policy handling,
>> and you definitely should consider upgrading to a recent version.

Could you please confirm whether this works in recent versions;
and is there any patch/change that I could apply on my version to fix this.

-- Divya


More information about the Users mailing list