<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<body text="#000000" bgcolor="#FFFFFF">
I am able to establish tunnel when I try to connect from LAN IP. But
with same configuration(Firewall setting) and same OS version it
failed to establish tunnel with <b>nated public IP</b>. <br>
What means parsed "failed to establish CHILD_SA, keeping IKE_SA".
Please let me know if you have any idea regarding this issue. <br>
<p><img src="cid:part1.333A6265.988AF481@mindlogicx.com" alt=""
width="966" height="446"> </p>
<p><img src="cid:part2.F80C7180.85AA34E5@mindlogicx.com" alt=""
<div class="moz-cite-prefix">On Friday 16 February 2018 09:47 PM,
Jafar Al-Gharaibeh wrote:<br>
On 2/16/2018 3:39 AM, Sujoy wrote:
The config file is same but then also it failed by saying
"unable to install inbound and outbound IPsec SA (SAD) in kernel
failed to establish CHILD_SA, keeping IKE_SA".
It is failing with the error "IPsec SA: unsupported mode". That
means transport (USE_TRANSP one line above) mode is not
supported. This is due to using kernel-libipsec plugin (look at
the loaded plugins list) which doesn't not implement transport
mode as far as I know. Either disable that plugin or switch back
to tunnel mode.