[strongSwan] trap not found, unable to acquire reqid

Noel Kuntze noel at familie-kuntze.de
Thu Jun 2 19:34:56 CEST 2016


Keep it on the mailing lists.
Then don't use a keying daemon. The only things a keying daemon does is install SAs, SPs and routes.
If you don't want charon to do any of those things, don't use it.

And there's still the VICI API to charon that you can use to dynamically load and unload any configuration.

On 02.06.2016 19:26, rajeev nohria wrote:
> Noel,
>
> We are planning to install SA and policies dynamically. We don't want to use the swanctl.conf for configuration using Strongswan 5.4.
>
> Thanks,
> Rajeev 
>
> On Thu, Jun 2, 2016 at 12:12 PM, Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
>
>     That's because you installed the policies by yourself. Don't do that.
>
>     On 02.06.2016 17:25, rajeev nohria wrote:
>     > I added manual entries for  policy using "ip xfrm policy"  both at receptor and initiator. Both are host and IP address of 10.13.199.185 and 10.13.199.130.
>     >
>     > Initiator:
>     >
>     > sudo ip xfrm policy add src 10.13.199.185 dst 10.13.199.130 dir out tmpl src 10.13.199.185 dst 10.13.199.130 proto esp reqid 16386 mode transport
>     >
>     > sudo ip xfrm policy add src 10.13.199.130 dst 10.13.199.185 dir in tmpl src 10.13.199.130 dst 10.13.199.185 proto esp reqid 16386 mode transport
>     >
>     >
>     >
>     >
>     >
>     > Receptor:
>     >
>     >  sudo ip xfrm policy add src 10.13.199.130 dst 10.13.199.185 dir out tmpl src 10.13.199.130 dst 10.13.199.185 proto esp reqid 16386 mode transport
>     >
>     > sudo ip xfrm policy add src 10.13.199.185 dst 10.13.199.130 dir in tmpl src 10.13.199.185 dst 10.13.199.130 proto esp reqid 16386 mode transport
>     >
>     >
>     >
>     >
>     > when I try to ping, I get following error. I expect it to create dynamic SA and ping to be successful.
>     >
>     > Jun  2 08:03:52 05[KNL] received a XFRM_MSG_ACQUIRE
>     > Jun  2 08:03:52 05[KNL]   XFRMA_TMPL
>     > Jun  2 08:03:52 05[KNL] creating acquire job for policy 10.13.199.185/32[udp/48785] <http://10.13.199.185/32[udp/48785]> <http://10.13.199.185/32[udp/48785]> === 10.13.199.130/32[udp/1025] <http://10.13.199.130/32[udp/1025]> <http://10.13.199.130/32[udp/1025]> with reqid {16386}
>     > Jun  2 08:03:52 07[CFG] trap not found, unable to acquire reqid 16386
>     >
>     >
>     > Thanks,
>     > Raj
>     >
>
>
>     --
>
>     Mit freundlichen Grüßen/Kind Regards,
>     Noel Kuntze
>
>     GPG Key ID: 0x63EC6658
>     Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
>


-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160602/b6a3dd36/attachment.sig>


More information about the Users mailing list