[strongSwan] Unable to establish SA

Glen Huang curvedmark at gmail.com
Wed Jun 24 19:42:55 CEST 2015


Thank you. How do i check what algorithms are negotiated? Are those the "IKE proposal" from ipsec statusall?

If so, they are "3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536", which ones do you think are missing from the lsmod list?

> On Jun 25, 2015, at 1:36 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hello Glen,
> 
> You obviously also need kernel support for the algorithms
> that are negotiated for the IPsec SAs.
> Check what algorithms are negotitated and then load the corresponding
> kernel module.
> 
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> Am 24.06.2015 um 19:30 schrieb Glen Huang:
>> Hi,
>> 
>> I'm trying to establish a ikev1 transport SA, but it failed with error like "received netlink error: Function not implemented (89)", I guess it might be that some algo module or kernel module is missing?
>> 
>> ipsec.conf
>> http://pastebin.com/WsBDWvCC
>> 
>> messages from ipsec up
>> http://pastebin.com/iDxisnVt
>> 
>> ipsec statusall
>> http://pastebin.com/CH6bQGYL
>> 
>> output of lsmod
>> http://pastebin.com/7NJD0Mxa
>> 
>> I have googled as hard as I can't, but didn't find any thing useful. I tried kernel-libipsec, but unfortunately it doesn't support transport mode. So I'm at my wits end. Could some one help me identify the missing part?
>> 
>> Thanks in advance.
>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJViuqrAAoJEDg5KY9j7GZYkiIP/Rdqk6yqaV769NVeaJpkhmr7
> DKbgQ0B6yjn3vbjYP8a/BZUI1GjArL/65uQgL/f1jDr51oNvUHBaDzXkrHjvfHfM
> lZvxd7VNURNsmvvgR6tSP5xctH91F/CavLaYtuQNRfEUMfaREGoV70p37lVSFRwj
> lHfC0kkspbBa4b6IkZS23W84QqGSMwubll4D0kR8HyHmRoVsYPryEpv4YgLmg/pc
> gsm2Ku9rPnWXDjsJMpEoGxKeqK/NyUhsJ5yHkDuAVyMT5+Zv1W6m7OSbSLUCCecq
> Ex5z1U+XLsC/CeLqvPf5x/Em7czv4gQ3RhT+jrdoK4JuEDZuzoyJkQQR3Aha0q2q
> 4k7d3NuYG56qWYnilP0RkbIkTodhR3KeurcTiyN2W2L/OqyDDbL3RCP4Y99kC8Qs
> xi5UVWPmCPv0SpbHtN1kimXdoeRpZUOxxaTXDOT0Qc2pdUjrJVidRp27COUlfzjt
> LHRwy5unPXBwsycjPCNHIl7+b2nisjmIoxd4lnkY93ZMIVM99YtVtw9gyPie5KHI
> NWNn4EHA6ft5rGFGribwK3CrEsn9Ya8w+kEusfRbPzofY/woR0YbflOntk7wg8zh
> BvtEEp4RBrXGaw7ZGIiH9evfrXwph5IJ97iNgDSryL1F4q83ozxzhB8OpDIdTb05
> 9pzkAEFl6BjE2lQMpdWM
> =1Rtj
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users



More information about the Users mailing list