[strongSwan] errors on freebsd
Tobias Brunner
tobias at strongswan.org
Fri Jul 17 09:43:43 CEST 2015
Hi Randy,
> Jul 15 19:50:14 saturn charon: 01[KNL] can't install route for
> 70.209.XXX.YYY/32[
> udp/l2f] === 104.236.XXX.YYY/32[udp/l2f] in, conflicts with IKE traffic
You seem to be using the kernel-libipsec plugin. Why? Just use the
kernel-pfkey and kernel-pfroute plugins.
> and the dmesg has the following error:
> ipsec_common_input: no key association found for SA
> 104.236.XXX.YYY/c5979d22/50
That's because the kernel has no knowledge of any IPsec SAs as the
kernel-libipsec plugin creates them in userland.
> How do I resolve this? It's for L2TP, and I have no choice.
How so? What's your client?
Regards,
Tobias
More information about the Users
mailing list