[strongSwan] no virtual IP found for %any6
Jay Claybaugh
gambit990 at gmail.com
Fri Oct 3 06:29:10 CEST 2014
I've updated my strongSwan server to V5.1.3 and am having trouble
connecting with an Android client. It appears that the Android client is
requesting both an IPv4 and IPv6 tunnel. The IPv4 tunnel appears to be
assigned, whereas there is no IPv6 tunnel configured so none is assigned.
The result is that the Android client deletes the connection since both
requests aren't satisfied.

I'm not sure how to disable the Android client from requesting the IPv6
tunnel. If that isn't possible, I'm not sure how to set up the IPv6 tunnel
support on the server. Is there a recipe or sample on how that is done?

The server log shows:
04[IKE] peer requested virtual IP %any
04[CFG] reassigning offline lease to '<...>'
04[IKE] assigning virtual IP 192.168.6.1 to peer '<...>'
04[IKE] peer requested virtual IP %any6
04[IKE] no virtual IP found for %any6 requested by '<...>'
04[IKE] building INTERNAL_IP4_DNS attribute
04[KNL] received netlink error: No such file or directory (2)
04[KNL] unable to add SAD entry with SPI c8489b44
04[KNL] received netlink error: No such file or directory (2)
04[KNL] unable to add SAD entry with SPI 6c540958
04[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
04[IKE] failed to establish CHILD_SA, keeping IKE_SA
04[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
04[NET] sending packet: from my.server[4500] to 192.168.2.131[43606] (1404 bytes)
03[NET] received packet: from 192.168.2.131[43606] to my.server[4500] (76 bytes)
03[ENC] parsed INFORMATIONAL request 2 [ D ]
03[IKE] received DELETE for IKE_SA android[4]
03[IKE] deleting IKE_SA android[4] between my.server[<...>]
03[IKE] deleting IKE_SA android[4] between my.server[<...>]...192.168.2.131[<...>]
03[IKE] IKE_SA android[4] state change: ESTABLISHED => DELETING
03[IKE] IKE_SA deleted
03[IKE] IKE_SA deleted
03[ENC] generating INFORMATIONAL response 2 [ ]
03[NET] sending packet: from my.server[4500] to 192.168.2.131[43606] (76 bytes)
03[IKE] IKE_SA android[4] state change: DELETING => DESTROYING
The Android client log shows:
05[IKE] IKE_SA android[6] established between 192.168.1.11[<...>]...my.server[<...>]
05[IKE] scheduling rekeying in 35475s
05[IKE] maximum IKE_SA lifetime 36075s
05[IKE] installing new virtual IP 192.168.6.1
05[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
05[IKE] closing IKE_SA due CHILD_SA setup failure
05[IKE] received AUTH_LIFETIME of 10064s, scheduling reauthentication in 9464s
05[IKE] peer supports MOBIKE
04[IKE] deleting IKE_SA android[6] between 192.168.1.11[<...>]...my.server[<...>]
04[IKE] sending DELETE for IKE_SA android[6]
04[ENC] generating INFORMATIONAL request 2 [ D ]
04[NET] sending packet: from 192.168.1.11[44092] to my.server[4500] (76 bytes)
03[NET] received packet: from my.server[4500] to 192.168.1.11[44092] (76 bytes)
03[ENC] parsed INFORMATIONAL response 2 [ ]
03[IKE] IKE_SA deleted
The server ipsec.conf file contains:

conn android
    keyingtries=1
    keyexchange=ikev2
    left=%any
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    leftcert=home.pem
    right=%any
    rightauth=pubkey
    rightsourceip=192.168.6.0/24
    auto=add

Thanks,
Jay
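
An added example, not part of the original post and not strongSwan code: a small Python triage helper that reads the server log lines quoted above and separates the outcome of each virtual IP request from the kernel (KNL) errors logged before the CHILD_SA failure. The function names are hypothetical and the embedded sample is constructed from the quoted log.

```python
import re

# Constructed sample: server log lines quoted in the post above.
SERVER_LOG = """\
04[IKE] peer requested virtual IP %any
04[CFG] reassigning offline lease to '<...>'
04[IKE] assigning virtual IP 192.168.6.1 to peer '<...>'
04[IKE] peer requested virtual IP %any6
04[IKE] no virtual IP found for %any6 requested by '<...>'
04[IKE] building INTERNAL_IP4_DNS attribute
04[KNL] received netlink error: No such file or directory (2)
04[KNL] unable to add SAD entry with SPI c8489b44
04[KNL] received netlink error: No such file or directory (2)
04[KNL] unable to add SAD entry with SPI 6c540958
04[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
04[IKE] failed to establish CHILD_SA, keeping IKE_SA
"""

# Line shape seen in the post: <thread>[<subsystem>] <message>
LINE = re.compile(r"^(\d+)\[(\w+)\]\s+(.*)$")

def parse(log):
    """Yield (thread, subsystem, message) for each log line in that shape."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)

def triage(log):
    """Map each requested virtual IP to its outcome and collect KNL errors."""
    vips, pending, kernel_errors, child_failed = {}, None, [], False
    for _thread, subsys, msg in parse(log):
        if msg.startswith("peer requested virtual IP "):
            pending = msg.rsplit(" ", 1)[1]      # %any or %any6
            vips[pending] = None                 # no address assigned yet
        elif msg.startswith("assigning virtual IP ") and pending:
            vips[pending] = msg.split()[3]       # the assigned address
        elif msg.startswith("no virtual IP found for "):
            vips[msg.split()[5]] = None          # request left unsatisfied
        elif subsys == "KNL" and ("error" in msg or msg.startswith("unable to")):
            kernel_errors.append(msg)
        elif msg.startswith("failed to establish CHILD_SA"):
            child_failed = True
    return {"virtual_ips": vips, "kernel_errors": kernel_errors,
            "child_sa_failed": child_failed}

if __name__ == "__main__":
    print(triage(SERVER_LOG))
```

On the quoted server log this reports %any assigned 192.168.6.1, %any6 unassigned, and four KNL messages logged before `failed to establish CHILD_SA`.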