[strongSwan] Strongswan unable to install policy

christopher kamutumwa chriskamutumwa at gmail.com
Thu Feb 25 16:43:04 CET 2016


Please assist with the log below; child subnets not communicating still, IKEv2.

  MTN[1]: ESTABLISHED 11 minutes ago,
185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
         MTN[1]: IKEv2 SPIs: 2d819a81c3b8a6d5_i* d907f912e6f7ab7b_r,
pre-shared key reauthentication in 7 hours
         MTN[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
         MTN{2}:  INSTALLED, TUNNEL, ESP SPIs: c6973662_i 1c000ae0_o
         MTN{2}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o,
rekeying in 7 hours
         MTN{2}:   192.168.200.172/32 === 172.25.48.36/32
root@localhost:~# ipsec up MTN
establishing CHILD_SA MTN
generating CREATE_CHILD_SA request 3 [ SA No TSi TSr ]
sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (316 bytes)
received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (188 bytes)
parsed CREATE_CHILD_SA response 3 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
unable to install policy 192.168.200.172/32 === 172.25.48.36/32 out
(mark 0/0x00000000) for reqid 3, the same policy for reqid 2 exists
unable to install policy 172.25.48.36/32 === 192.168.200.172/32 in
(mark 0/0x00000000) for reqid 3, the same policy for reqid 2 exists
unable to install policy 172.25.48.36/32 === 192.168.200.172/32 fwd
(mark 0/0x00000000) for reqid 3, the same policy for reqid 2 exists
unable to install policy 192.168.200.172/32 === 172.25.48.36/32 out
(mark 0/0x00000000) for reqid 3, the same policy for reqid 2 exists
unable to install policy 172.25.48.36/32 === 192.168.200.172/32 in
(mark 0/0x00000000) for reqid 3, the same policy for reqid 2 exists
unable to install policy 172.25.48.36/32 === 192.168.200.172/32 fwd
(mark 0/0x00000000) for reqid 3, the same policy for reqid 2 exists
unable to install IPsec policies (SPD) in kernel
failed to establish CHILD_SA, keeping IKE_SA
sending DELETE for ESP CHILD_SA with SPI c70b532d
generating INFORMATIONAL request 4 [ D ]
sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
parsed INFORMATIONAL response 4 [ D ]
deleting policy 192.168.200.172/32 === 172.25.48.36/32 out failed, not found
deleting policy 172.25.48.36/32 === 192.168.200.172/32 in failed, not found
deleting policy 172.25.48.36/32 === 192.168.200.172/32 fwd failed, not found
deleting policy 192.168.200.172/32 === 172.25.48.36/32 out failed, not found
deleting policy 172.25.48.36/32 === 192.168.200.172/32 in failed, not found
deleting policy 172.25.48.36/32 === 192.168.200.172/32 fwd failed, not found
establishing connection 'MTN' failed

