[strongSwan] Windows StrongSwan cannot establish CHILD_SA due to CREATE_CHILD_SA kicks in every outbound packet.
Tobias Brunner
tobias at strongswan.org
Tue Dec 15 11:13:36 CET 2015
Hi,
> Since nobody answers me, I tested and here is something what I found.
Noel already answered and pointed out the error here:
> 2015-11-28T08:42:56 13[KNL] setting WFP SA SPI failed: 0x80320035
Which means the IPsec SA is not properly installed. If the IPsec
policies are installed successfully, though, then this could cause
acquires to get triggered as the kernel won't find the associated SA and
notifies the daemon, which will initiate another CREATE_CHILD_SA exchange.
> So I went back to version 5.2.1, and I see the tunnel just got brought
> up without issue.
>
> However from 5.3.0, Windows StrongSwan with IKEv2 tunneling is failing.
So it might help if you used `git bisect` to find the commit that causes
the failure.
Regards,
Tobias
More information about the Users
mailing list