[strongSwan] parsed CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ], received TS_UNACCEPTABLE notify, no CHILD_SA built
Sujoy
sujoy.b at mindlogicx.com
Tue Feb 20 15:00:49 CET 2018
Hi Jafar,
I am able to establish tunnel when I try to connect from LAN IP. But
with same configuration(Firewall setting) and same OS version it failed
to establish tunnel with *nated public IP*.
What means parsed "failed to establish CHILD_SA, keeping IKE_SA". Please
let me know if you have any idea regarding this issue.
Thanks
On Friday 16 February 2018 09:47 PM, Jafar Al-Gharaibeh wrote:
>
> On 2/16/2018 3:39 AM, Sujoy wrote:
>>
>> The config file is same but then also it failed by saying "unable to
>> install inbound and outbound IPsec SA (SAD) in kernel failed to
>> establish CHILD_SA, keeping IKE_SA".
>>
>
> It is failing with the error "IPsec SA: unsupported mode". That means
> transport (USE_TRANSP one line above) mode is not supported. This is
> due to using kernel-libipsec plugin (look at the loaded plugins list)
> which doesn't not implement transport mode as far as I know. Either
> disable that plugin or switch back to tunnel mode.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180220/191ade9c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nnefdlbmnpakigdl.png
Type: image/png
Size: 220193 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180220/191ade9c/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mbdaocldcglcdjbn.png
Type: image/png
Size: 134477 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180220/191ade9c/attachment-0003.png>
More information about the Users
mailing list