[strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built
Jafar Al-Gharaibeh
jafar at atcorp.com
Fri Feb 16 17:17:55 CET 2018
On 2/16/2018 3:39 AM, Sujoy wrote:
>
> The config file is same but then also it failed by saying "unable to
> install inbound and outbound IPsec SA (SAD) in kernel failed to
> establish CHILD_SA, keeping IKE_SA".
>
It is failing with the error "IPsec SA: unsupported mode". That means
transport (USE_TRANSP one line above) mode is not supported. This is
due to using kernel-libipsec plugin (look at the loaded plugins list)
which doesn't not implement transport mode as far as I know. Either
disable that plugin or switch back to tunnel mode.
More information about the Users
mailing list