[strongSwan] OSX weakswan pfkey_open no such file

Tobias Brunner tobias at strongswan.org
Tue Feb 24 15:02:44 CET 2015


Hi Alejandro,

>     brew install strongswan --with-curl --with-suite-b

If you use `--with-suite-b` our own userland IPsec implementation will
be used instead of the kernel's via PF_KEY.  So you won't see any output
in `setkey -D` (also you'd have to run that command as superuser with sudo).

> parsed INFORMATIONAL_V1 request 2418823313 [ HASH N(INITIAL_CONTACT) ]
> configuration payload missing in XAuth request
> ...
> The tunnel is established OK always in the second try, Sonicwall asks
> twice for the username and password.

Looks like Sonicwall sends an INITIAL_CONTACT in an INFORMATIONAL
exchange during the XAuth exchange (and even though it is the server).
Apparently, charon has trouble handling this properly.  In the second
try the Sonicwall perhaps still has the state from the first attempt
around and therefore does not send the notify.

> But once established no packets are arriving to the VPN Server.

You might need to request a virtual IP address [1] from the server using
`leftsourceip=%config`, which is usually the case in remote access
scenarios.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp


