[strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

Jafar Al-Gharaibeh jafar at atcorp.com
Fri Feb 16 17:17:55 CET 2018

On 2/16/2018 3:39 AM, Sujoy wrote:
> The config file is same but then also it failed by saying "unable to 
> install inbound and outbound IPsec SA (SAD) in kernel failed to 
> establish CHILD_SA, keeping IKE_SA".

It is failing with the error "IPsec SA: unsupported mode". That means 
transport (USE_TRANSP  one line above) mode is not supported. This is 
due to using kernel-libipsec plugin (look at the loaded plugins list) 
which  doesn't not implement transport mode as far as I  know. Either 
disable that plugin or switch back to tunnel mode.

More information about the Users mailing list