[strongSwan] 10[CFG] trap not found, unable to acquire reqid 10 and vici query

Mohammad Ahmad mohd.ahmad17 at gmail.com
Thu Jul 23 00:31:37 CEST 2015


I am using strongswan to have ipsec between two sites. But when
running "ipsec start" i get the following error

10[KNL] creating acquire job for policy 10.10.91.2/32[icmp/8] ===
10.10.44.2/32[icmp/8] with reqid {10}
10[CFG] trap not found, unable to acquire reqid 10

I insert policies using ip xfrm and want to use charon to establish SAs.

Here is my configuration
ipsec.conf

config setup
        # strictcrlpolicy=yes
        # uniqueids = no
conn %default
         ikelifetime=10m
         keylife=2m
         rekeymargin=1m
         keyingtries=3
         keyexchange=ikev1
         authby=secret
         installpolicy=no

 conn net-net
          left=192.168.198.155
          leftsubnet=10.10.91.0/24
          right=192.168.198.152
          rightsubnet=10.10.44.0/24
          reqid=11 //i have tried running it without reqid and
changing its value.
          auto=add

strongswan.conf

# /etc/strongswan.conf/ - strongSwan configuration file
#
charon {
  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke
kernel-netlink socket-default updown

  dh_exponent_ansi_x9_42 = no
}

Any ideas on what may be going wrong?

Additional questions

I want to eventually run just the charon daemon instead of "ipsec
start" and communicate with it using vici.

1. Where can I then define the "default" section of ipsec.conf. Can
this be done using vici?

2. How can I enable vici if I used apt-get on ubuntu to install
strongswan-ikev1?

Thanks!
Ahmad


More information about the Users mailing list