[strongSwan] no virtual IP found for %any6
Jay Claybaugh
gambit990 at gmail.com
Sun Oct 5 02:55:38 CEST 2014
Tobias Brunner <tobias at ...> writes:
>
> Hi Jay,
>
> > The IPV4 tunnel appears to be
> > assigned whereas there is no IPV6 tunnel configured so none is
assigned.
> > The result is that the Android client deletes the connection since
both
> > requests aren't satisfied.
>
> No that's not the issue. It's perfectly fine to setup a tunnel for
one
> address family only.
>
> > 04[KNL] received netlink error: No such file or directory (2)
> > 04[KNL] unable to add SAD entry with SPI c8489b44
> > 04[KNL] received netlink error: No such file or directory (2)
> > 04[KNL] unable to add SAD entry with SPI 6c540958
> > 04[IKE] unable to install inbound and outbound IPsec SA (SAD) in
kernel
> > 04[IKE] failed to establish CHILD_SA, keeping IKE_SA
>
> This is the actual problem that causes the server to return a
> NO_PROPOSAL_CHOSEN notify back to the client, which it then treats as
a
> failure:
>
> > 05[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
> > 05[IKE] closing IKE_SA due CHILD_SA setup failure
>
> Regarding the error returned by your kernel:
>
> > received netlink error: No such file or directory (2)
>
> I'm not sure what may cause it at that point. Most likely you are
> missing some of the required kernel modules [1].
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
>
>
Hi Tobias, that was a good observation. The culprit appeared to be
"authenc". I did a "modprobe authenc" as pointed out by the post at
"https://forum.openwrt.org/viewtopic.php?id=48447" and that solved the
issue.
I now occasionally have an issue creating a tunnel on the android 4.4.2
client but that appears to be a well known issue by now so I'll hope
that Android 4.4.4 is pushed out soon and solves that it.
I really appreciate your help.
Jay
More information about the Users
mailing list