[strongSwan] forecast iptables commit failed: Invalid argument
Meduri Siva Prasad
sivaprasad at freescale.com
Thu Jun 18 09:53:03 CEST 2015
Hi ,
Wanted to forward multicast traffic using FORECAST plugin from HOST1. Tunnel established successfully between GATEWAY1 and GATEWAY2 in site-to site mode. Sent Multicast traffic from HOST1 which is behind the GATEWAY1. But the IPTABLES RULES are not updated . LOG says "forecast iptables commit failed: Invalid argument" . Please help me if I am missing any configuration or anything else needs to be done.
Here is my setup
HOST1-------------------------GATEWAY1 ---------------------------------GATEWAY2--------------------------HOST2
Here is the configuration.
Ipsec.conf on GATEWAY1
config setup
charondebug="chd 3, knl 3, ike 3, cfg 4"
strictcrlpolicy=no
conn %default
ikelifetime=60m
keylife=60m
rekeymargin=1m
keyingtries=1
keyexchange=ikev1
type=tunnel
compress=no
mobike=no
conn net-net
left=200.200.200.1
leftid=dut1.com
leftsubnet=192.168.1.0/24,224.0.0.0/4
leftfirewall=yes
leftauth=psk
leftauth2=xauth
rightauth=psk
right=200.200.200.2
rightid=dut2.com
rightsubnet=192.168.2.0/24,224.0.0.0/4
xauth=client
xauth_identity=xuser
auto=add
mark=%unique
Strongswan.conf on GATEWAY1
charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
forecast{
groups = 224.0.0.5
interface = eth0
}
}
}
include strongswan.d/*.conf
ipsec.secrets on on GATEWAY1
dut1.com dut2.com : PSK "123456789"
xuser : XAUTH "xpassword"
LOG on GATEWAY1
Jul 13 13:48:15 OpenWrt daemon.info charon: 15[CFG] forecast iptables commit failed: Invalid argument
Jul 13 13:48:15 OpenWrt daemon.info charon: 15[KNL] 200.200.200.1 is on interface eth0
Jul 13 13:48:15 OpenWrt local0.notice vpn: + dut2.com 192.168.2.0/24 == 200.200.200.2 -- 200.200.200.1 == 192.168.1.0/24
Regards,
Siva Prasad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150618/ae512437/attachment-0001.html>
More information about the Users
mailing list