[strongSwan] errors on freebsd

Tobias Brunner tobias at strongswan.org
Fri Jul 17 09:43:43 CEST 2015

Hi Randy,

> Jul 15 19:50:14 saturn charon: 01[KNL] can't install route for
> 70.209.XXX.YYY/32[
> udp/l2f] === 104.236.XXX.YYY/32[udp/l2f] in, conflicts with IKE traffic

You seem to be using the kernel-libipsec plugin.  Why?  Just use the
kernel-pfkey and kernel-pfroute plugins.

> and the dmesg has the following error:
> ipsec_common_input: no key association found for SA
> 104.236.XXX.YYY/c5979d22/50

That's because the kernel has no knowledge of any IPsec SAs as the
kernel-libipsec plugin creates them in userland.

> How do I resolve this?  It's for L2TP,  and I have no choice.

How so?  What's your client?


More information about the Users mailing list