Hi Alexandre, > When running strongswan with the 3.2 kernel here is what i find in the logs: > > Feb 8 16:56:11 shire charon: 16[KNL] unable to add policy 172.17.2.0/24 > === 172.20.0.0/23 out > Feb 8 16:56:11 shire charon: 16[KNL] unable to add policy 172.20.0.0/23 > === 172.17.2.0/24 in > Feb 8 16:56:11 shire charon: 16[KNL] unable to add policy 172.20.0.0/23 > === 172.17.2.0/24 fwd > Feb 8 16:56:11 shire charon: 16[IKE] unable to install IPsec policies > (SPD) in kernel > > If i check ip xfrm policy I indeed note that the policy vanished, > whereas the tunnel seems still up
Yes, the errors above are currently ignored by the daemon. They are usually seen if the policies are already installed in the kernel (e.g. because the daemon previously crashed and the policies were not flushed before it got restarted). If anything else were the reason for them you would see additional error messages like "received netlink error: ..." in the log. But since you say you don't see the policies listed in "ip xfrm policy" this seems a bit strange... Not sure what happened here but recent versions of strongSwan should run fine on 3.2 kernels, as can be seen by the latest results of our test suite [1], which Andreas recently ran with a 3.2.4 kernel against the 4.6.2 release candidate (if that's also true for 4.4.1, I don't know). Regards, Tobias [1] http://www.strongswan.org/uml-testresults4rc.html _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users