[strongSwan] Issue with network unreachable.

[Dees]

hi All,
We are having this issue with route addition. Eth3 is loop back interface. Any 
clues why?
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selected proposal: 
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQOct 18 14:26:46 ubuntu-28 charon: 
07[KNL] getting SPI for reqid {1}Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] got 
SPI cdde868a for reqid {1}Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selecting 
traffic selectors for us:Oct 18 14:26:46 ubuntu-28 charon: 07[CFG]  config: 
0.0.0.0/0, received: 0.0.0.0/0 => match: 0.0.0.0/0Oct 18 14:26:46 ubuntu-28 
charon: 07[CFG] selecting traffic selectors for other:Oct 18 14:26:46 ubuntu-28 
charon: 07[CFG]  config: 100.120.120.1/32, received: 0.0.0.0/0 => match: 
100.120.120.1/32Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding SAD entry with 
SPI cdde868a and reqid {1}  (mark 0/0x)Oct 18 14:26:46 ubuntu-28 
charon: 07[KNL]   using encryption algorithm AES_CBC with key size 128Oct 18 
14:26:46 ubuntu-28 charon: 07[KNL]   using integrity algorithm HMAC_SHA1_96 
with key size 160Oct 18 14:26:46 ubuntu-28 charon: 07[KNL]   using replay 
window of 32 packetsOct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding SAD entry 
with SPI c832aca7 and reqid {1}  (mark 0/0x)Oct 18 14:26:46 ubuntu-28 
charon: 07[KNL]   using encryption algorithm AES_CBC with key size 128Oct 18 
14:26:46 ubuntu-28 charon: 07[KNL]   using integrity algorithm HMAC_SHA1_96 
with key size 160Oct 18 14:26:46 ubuntu-28 charon: 07[KNL]   using replay 
window of 32 packetsOct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 
0.0.0.0/0 === 100.120.120.1/32 out  (mark 0/0x)Oct 18 14:26:46 
ubuntu-28 charon: 07[KNL] adding policy 100.120.120.1/32 === 0.0.0.0/0 in  
(mark 0/0x)Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 
100.120.120.1/32 === 0.0.0.0/0 fwd  (mark 0/0x)Oct 18 14:26:46 
ubuntu-28 charon: 07[KNL] getting a local address in traffic selector 
0.0.0.0/0Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using host %anyOct 18 
14:26:46 ubuntu-28 charon: 07[KNL] using 10.0.10.1 as nexthop to reach 
173.38.168.235Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] 128.107.252.138 is on 
interface eth3Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] installing route: 
100.120.120.1/32 via 10.0.10.1 src %any dev eth3Oct 18 14:26:46 ubuntu-28 
charon: 07[KNL] getting iface index for eth3Oct 18 14:26:46 ubuntu-28 charon: 
07[KNL] received netlink error: Network is unreachable (101)Oct 18 14:26:46 
ubuntu-28 charon: 07[KNL] unable to install source route for %anyOct 18 
14:26:46 ubuntu-28 charon: 07[KNL] policy 0.0.0.0/0 === 100.120.120.1/32 out  
(mark 0/0x) already exists, increasing refcountOct 18 14:26:46 
ubuntu-28 charon: 07[KNL] updating policy 0.0.0.0/0 === 100.120.120.1/32 out  
(mark 0/0x)Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 
100.120.120.1/32 === 0.0.0.0/0 in  (mark 0/0x) already exists, 
increasing refcountOct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 
100.120.120.1/32 === 0.0.0.0/0 in  (mark 0/0x)Oct 18 14:26:46 ubuntu-28 
charon: 07[KNL] policy 100.120.120.1/32 === 0.0.0.0/0 fwd  (mark 0/0x) 
already exists, increasing refcountOct 18 14:26:46 ubuntu-28 charon: 07[KNL] 
updating policy 100.120.120.1/32 === 0.0.0.0/0 fwd  (mark 0/0x)Oct 18 
14:26:46 ubuntu-28 charon: 07[KNL] getting a local address in traffic selector 
0.0.0.0/0Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using host %anyOct 18 
14:26:46 ubuntu-28 charon: 07[KNL] using 10.0.10.1 as nexthop to reach 
173.38.168.235Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] 128.107.252.138 is on 
interface eth3Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] installing route: 
100.120.120.1/32 via 10.0.10.1 src %any dev eth3Oct 18 14:26:46 ubuntu-28 
charon: 07[KNL] getting iface index for eth3Oct 18 14:26:46 ubuntu-28 charon: 
07[KNL] received netlink error: Network is unreachable (101)Oct 18 14:26:46 
ubuntu-28 charon: 07[KNL] unable to install source route for %anyOct 18 
14:26:46 ubuntu-28 charon: 07[IKE] CHILD_SA certs-only{1} established with SPIs 
cdde868a_i c832aca7_o and TS 0.0.0.0/0 === 100.120.120.1/32 
O^Croot@ubuntu-28:/etc# show ip addressThe program 'show' is currently not 
installed. You can install it by typing:apt-get install nmhroot@ubuntu-28:/etc# 
ip addres show1: lo:  mtu 65536 qdisc noqueue state 
UNKNOWN group default     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
   inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever 
   inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: 
eth0:  mtu 1500 qdisc mq state UP group 
default qlen 1000    link/ether b8:38:61:7c:24:9e brd ff:ff:ff:ff:ff:ff    inet 
10.0.10.28/24 brd 10.0.10.255 scope global eth0       valid_lft forever 
preferred_lft forever    inet6 2001:420:81:ff99:ba38:61ff:fe7c:249e/64 scope 
global dynamic        valid_lft 2591962sec preferred_lft 604762sec    inet6 

[strongSwan] getting internal address failure for IP6tunnelinIPV4

[Dees]

I am trying to establish IPV6 tunnel in IPV4 with internal IPV6 address for 
client, it is failing with no virtual ip found, any guidance why would that be?
Apr 26 11:43:58 segw1 charon: 17[ENC] added payload of type AUTHENTICATION to 
messageApr 26 11:43:58 segw1 charon: 17[IKE] authentication of 'test.local' 
(myself) with RSA signature successfulApr 26 11:43:58 segw1 charon: 17[IKE] 
IKE_SA certs-only-sn1[1] established between 
173.38.2.2[xxx.xxx..local]...173.38.2.1[0024480CA590.node.com]Apr 26 
11:43:58 segw1 charon: 17[IKE] IKE_SA certs-only-sn1[1] state change: 
CONNECTING => ESTABLISHEDApr 26 11:43:58 segw1 charon: 17[IKE] sending end 
entity cert "CN=x, O=x"Apr 26 11:43:58 segw1 charon: 01[JOB] next event in 29s 
861ms, waitingApr 26 11:43:58 segw1 charon: 17[ENC] added payload of type 
CERTIFICATE to messageApr 26 11:43:58 segw1 charon: 17[IKE] peer requested 
virtual IP %anyApr 26 11:43:58 segw1 charon: 17[IKE] no virtual IP found for 
%any requested by '0024480CA590.node.com'Apr 26 11:43:58 segw1 charon: 
17[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILUREApr 26 11:43:58 
segw1 charon: 17[ENC] added payload of type NOTIFY to message

conn certs-only-sn        left=test.local        leftcert=test.pem        
leftid=@testlocal        leftsubnet=fd00:0:0:10::/64        
ike=aes-sha1-modp2048!        esp=aes-sha1-modp2048!        mobike=no        
rightauth=rsasig        leftauth=rsasig        
rightid=0024480CA590.node.com        rightsourceip=fd00:0:0:11::1        
auto=add
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users