[strongSwan] trap not found, unable to acquire reqid
rajeev nohria
rajnohria at gmail.com
Mon Jun 6 14:28:36 CEST 2016
Noel,
IKEv2 should be able to create SA when there are only policies installed
and a packet matches with the policy. That was reason I was expecting for
above ping to work. If that is not the case what is the use of ACQUIRE
message? Let me know if I am missing something here.
Regards,
Rajeev
On Thu, Jun 2, 2016 at 1:34 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Keep it on the mailing lists.
> Then don't use a keying daemon. The only things a keying daemon does is
> install SAs, SPs and routes.
> If you don't want charon to do any of those things, don't use it.
>
> And there's still the VICI API to charon that you can use to dynamically
> load and unload any configuration.
>
> On 02.06.2016 19:26, rajeev nohria wrote:
> > Noel,
> >
> > We are planning to install SA and policies dynamically. We don't want to
> use the swanctl.conf for configuration using Strongswan 5.4.
> >
> > Thanks,
> > Rajeev
> >
> > On Thu, Jun 2, 2016 at 12:12 PM, Noel Kuntze <noel at familie-kuntze.de
> <mailto:noel at familie-kuntze.de>> wrote:
> >
> > That's because you installed the policies by yourself. Don't do that.
> >
> > On 02.06.2016 17:25, rajeev nohria wrote:
> > > I added manual entries for policy using "ip xfrm policy" both at
> receptor and initiator. Both are host and IP address of 10.13.199.185 and
> 10.13.199.130.
> > >
> > > Initiator:
> > >
> > > sudo ip xfrm policy add src 10.13.199.185 dst 10.13.199.130 dir
> out tmpl src 10.13.199.185 dst 10.13.199.130 proto esp reqid 16386 mode
> transport
> > >
> > > sudo ip xfrm policy add src 10.13.199.130 dst 10.13.199.185 dir in
> tmpl src 10.13.199.130 dst 10.13.199.185 proto esp reqid 16386 mode
> transport
> > >
> > >
> > >
> > >
> > >
> > > Receptor:
> > >
> > > sudo ip xfrm policy add src 10.13.199.130 dst 10.13.199.185 dir
> out tmpl src 10.13.199.130 dst 10.13.199.185 proto esp reqid 16386 mode
> transport
> > >
> > > sudo ip xfrm policy add src 10.13.199.185 dst 10.13.199.130 dir in
> tmpl src 10.13.199.185 dst 10.13.199.130 proto esp reqid 16386 mode
> transport
> > >
> > >
> > >
> > >
> > > when I try to ping, I get following error. I expect it to create
> dynamic SA and ping to be successful.
> > >
> > > Jun 2 08:03:52 05[KNL] received a XFRM_MSG_ACQUIRE
> > > Jun 2 08:03:52 05[KNL] XFRMA_TMPL
> > > Jun 2 08:03:52 05[KNL] creating acquire job for policy
> 10.13.199.185/32[udp/48785] <http://10.13.199.185/32[udp/48785]> <
> http://10.13.199.185/32[udp/48785]> === 10.13.199.130/32[udp/1025] <
> http://10.13.199.130/32[udp/1025]> <http://10.13.199.130/32[udp/1025]>
> with reqid {16386}
> > > Jun 2 08:03:52 07[CFG] trap not found, unable to acquire reqid
> 16386
> > >
> > >
> > > Thanks,
> > > Raj
> > >
> >
> >
> > --
> >
> > Mit freundlichen Grüßen/Kind Regards,
> > Noel Kuntze
> >
> > GPG Key ID: 0x63EC6658
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> >
> >
>
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160606/cd974b34/attachment.html>
More information about the Users
mailing list