[strongSwan] [KNL] received netlink error: No such file or directory (2) - unable to add SAD entry with SPI

Conrad Kostecki ck at conrad-kostecki.de
Sun Dec 27 21:07:31 CET 2015


Hi Thomas!

Am 27.12.2015 um 20:19 schrieb Thomas Egerer:
> Hello Conrad
>
> On 12/26/2015 01:55 PM, ck+strongswanusers at bl4ckb0x.de wrote:
>> Hello!
>> I am trying to setup StrongSwan on a new Gentoo server.
>> My Lumia 950XL (Windows Phone 10) is the connecting device.
>>
>> The connection fails, because I am getting "Invalid payload received" on
>> the client side.
>>
>> Debug Log: http://pastebin.com/huTE2PxY
>> Config: http://pastebin.com/9q84N6ii
> I suspect that one of the negotiated crypto algorithms for ESP is not
> available in the kernel. According to your config this should be AES256
> along with SHA1. It could however not hurt to turn up logging for cfg
> faciliy to 2 in your ipsec.conf. Loglevel 3 or 4 for knl would give us
> the exact netlink message which in this case would be much better.
> Modify the appropriate ipsec.conf line as follows:
>    charondebug="cfg 2, dmn 2, ike 2, net 2, lib 3, knl 4"
> and run your test again. Then we can analyze the logs and see if this
> gets us any further.

Thanks for the suggestion. I've modified it and created a new log file:
http://pastebin.com/yJDiKfeg

AES256 and SHA1 are build in in my kernel, if I am not searching for the 
wrong options..

CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA1_SSSE3=y
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_CRYPTO_SHA512_SSSE3=y
CONFIG_CRYPTO_SHA1_MB=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y

CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y
CONFIG_CRYPTO_AES_NI_INTEL=y

CONFIG_CRYPTO_HMAC=y

CONFIG_CRYPTO_CBC=y

Cheers
Conrad

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4950 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151227/948ef006/attachment.bin>


More information about the Users mailing list