[strongSwan] errors on freebsd
Randy Wyatt
rwwyatt01 at gmail.com
Fri Jul 17 17:18:39 CEST 2015
The driver is already loaded, How do I enable it instead of
kernel-libipsec.
any
Jul 15 19:25:54 saturn charon: 00[LIB] loaded plugins: charon aes des
blowfish r
c2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1
pkcs7
pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr
kernel-
pfkey kernel-pfroute resolve socket-default stroke updown eap-identity
eap-md5 e
ap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock
Regards,
Randy
On Fri, Jul 17, 2015 at 7:20 AM, Randy Wyatt <rwwyatt01 at gmail.com> wrote:
> Tobias,
>
>
> On Fri, Jul 17, 2015 at 12:43 AM, Tobias Brunner <tobias at strongswan.org>
> wrote:
>
>> Hi Randy,
>>
>> > Jul 15 19:50:14 saturn charon: 01[KNL] can't install route for
>> > 70.209.XXX.YYY/32[
>> > udp/l2f] === 104.236.XXX.YYY/32[udp/l2f] in, conflicts with IKE traffic
>>
>> You seem to be using the kernel-libipsec plugin. Why? Just use the
>> kernel-pfkey and kernel-pfroute plugins.
>>
>> This package was installed from the binary (pkg install strongswan).
> I will check and compile from source.
>
> > and the dmesg has the following error:
>> > ipsec_common_input: no key association found for SA
>> > 104.236.XXX.YYY/c5979d22/50
>>
>> That's because the kernel has no knowledge of any IPsec SAs as the
>> kernel-libipsec plugin creates them in userland.
>>
>> > How do I resolve this? It's for L2TP, and I have no choice.
>>
>> How so? What's your client?
>>
> Windows 7. I only have to support 1 client at a time. I am moving all
> services to a cheaper box.
>
>
>>
>> Regards,
>> Tobias
>>
>>
> Thank you,
> Regards,
> Randy
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150717/ec3e3e0b/attachment.html>
More information about the Users
mailing list