[strongSwan] Error Message: "unsupported mode"?

Michael Schwartzkopff ms at sys4.de
Sat Oct 1 16:48:43 CEST 2022 

On 01.10.22 16:43, Carlos Velasco wrote:
> Hi Michael,
>
> I think remote end wants Transport mode "N(USE_TRANSP)", and local 
> says it is not supported.
> I suppose you are using Linux in local with "kernel-netlink" module 
> for strongswan (default), so I would check if module transport is 
> enabled in your kernel.
> Refer to this doc: 
> https://docs.strongswan.org/docs/5.9/install/kernelModules.html
>
> "IP: IPsec transport mode [CONFIG_INET_XFRM_MODE_TRANSPORT]" usually 
> can be checked with command in doc:
> grep '\<CONFIG_INET_XFRM_MODE_TRANSPORT\>' /boot/config-`uname -r`
>
> Also, if it is compiled as module (m), try to load it manually, I 
> think module name is "xfrm4_mode_transport".
>
> If it is not Linux, you must check your local OS (or strongswan 
> module, if not using kernel-netlink) to properly support Transport mode.
>
> Regards,
> Carlos Velasco
>
Thanks. Will check.



> Michael Schwartzkopff escribió el 01/10/2022 a las 15:48:
>> Hi,
>>
>>
>> I googled but I did not find a reasonable answer. We try to set up some
>> specific strongswan-strongswan connection in transport mode. The log 
>> says:
>>
>>
>> NET received packet: from x.x.x.x[4500] to y.y.y.y[4500] (240 bytes)}
>> ENC parsed CREATE_CHILD_SA request 7 [ N(USE_TRANSP) SA No KE TSi TSr ]}
>> CFG selected proposal: ESP:CHACHA20_POLY1305/CURVE_25519/NO_EXT_SEQ}
>> ESP IPsec SA: unsupported mode}
>> ESP failed to create SAD entry}
>> ESP IPsec SA: unsupported mode}
>> ESP failed to create SAD entry}
>> IKE unable to install inbound and outbound IPsec SA (SAD) in kernel}
>> IKE failed to establish CHILD_SA, keeping IKE_SA}
>> ENC generating CREATE_CHILD_SA response 7 [ N(NO_PROP) ]}
>>
>> What exactly does "IPsec SA: unsupported mode" mean? unsupported mode
>> "transport"?
>>
>> Or unsupported cipher algorithms? Or anything else went wrong?
>>
>>
>> Mit freundlichen Grüßen,
>>


Mit freundlichen Grüßen,

-- 

[*] sys4 AG
  
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
  
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the Users mailing list