[strongSwan] Kernel NETKEY issue with charon

ServerAlex Wed, 02 Sep 2009 15:28:12 -0700

Hello,
I'm currently installing strongSwan on an embedded internet router. I
loaded all necessary modules before running ipsec start. After ipsec
start (charon only) these ipsec-related modules are loaded (manually
or by ipsec start):


Module                  Size  Used by    Tainted: P
deflate                 2826  0
twofish                 8012  0
twofish_common         45187  1 twofish
serpent                24166  0
blowfish                9297  0
ecb                     3063  0
sha256                  9422  0
xfrm_user              23474  0
xfrm4_tunnel            1932  0
ipcomp                  6066  0
esp4                    6637  0
ah4                     5581  0
af_key                 34747  0
xfrm4_mode_transport     1944  0
xfrm4_mode_tunnel       2592  0
ipip                    9620  0
tunnel4                 2579  2 xfrm4_tunnel,ipip
hmac                    4076  0
crypto_hash             1508  1 hmac
sha1                    2317  0
md5                     4815  0
cbc                     4046  0
blkcipher               4679  2 ecb,cbc
des                    19392  0
aes                    29627  0
cryptomgr               2807  0
crypto_algapi          11055  13
deflate,twofish,serpent,blowfish,ecb,sha256,hmac,sha1,md5,cbc,des,aes,cryptomgr


But when I start my connection now, it gives me this error message:
IKE_SA bla[1] established between XXXX[XXXXX]...YYYY[YYYYY]
installing new virtual IP 10.3.0.1
received netlink error: Function not implemented (89)
unable to add SAD entry with SPI c9146f03
received netlink error: Function not implemented (89)
unable to add SAD entry with SPI cfab2a52
unable to install inbound and outbound IPsec SA (SAD) in kernel

Syslog records this:
Sep  3 00:14:36 router daemon.info syslog: 14[CFG] received stroke:
initiate 'bla'
Sep  3 00:14:36 router daemon.info syslog: 12[IKE] establishing CHILD_SA bla
Sep  3 00:14:36 router authpriv.info syslog: 12[IKE] establishing CHILD_SA bla
Sep  3 00:14:36 router daemon.info syslog: 12[KNL] getting SPI for reqid {2}
Sep  3 00:14:36 router daemon.info syslog: 12[KNL] sending
XFRM_MSG_ALLOCSPI: => 248 bytes @ 0x7ddff768
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]    0: F8 00 00 00
16 00 01 00 CE 00 00 00 8B 0A 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]   16: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]   32: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]   48: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]   64: 00 00 00 00
00 00 00 00 A9 FE 02 01 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]   80: 00 00 00 00
00 00 00 00 00 00 00 00 32 00 00 00  ............2...
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]   96: 55 0E D9 3E
00 00 00 00 00 00 00 00 00 00 00 00  U..>............
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  112: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  128: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  144: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  160: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  176: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  192: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  208: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  224: 02 00 00 00
02 00 01 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 12[KNL]  240: 00 00 00 C0
FF FF FF CF                          ........
Sep  3 00:14:36 router daemon.info syslog: 12[KNL] got SPI c7868684
for reqid {2}
Sep  3 00:14:36 router daemon.info syslog: 12[ENC] generating
CREATE_CHILD_SA request 2 [ SA No TSi TSr ]
Sep  3 00:14:36 router daemon.info syslog: 12[NET] sending packet:
from 169.254.2.1[4500] to 85.14.217.62[4500]
Sep  3 00:14:36 router daemon.info syslog: 16[NET] received packet:
from 85.14.217.62[4500] to 169.254.2.1[4500]
Sep  3 00:14:36 router daemon.info syslog: 16[ENC] parsed
CREATE_CHILD_SA response 2 [ SA No TSi TSr ]
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] adding SAD entry
with SPI c7868684 and reqid {2}
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   using encryption
algorithm AES_CBC with key size 128
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   using integrity
algorithm HMAC_SHA1_96 with key size 160
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] sending
XFRM_MSG_UPDSA: => 448 bytes @ 0x7d5ff670
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]    0: C0 01 00 00
1A 00 05 00 CF 00 00 00 8F 0A 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   16: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   32: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   48: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   64: 00 00 00 00
00 00 00 00 A9 FE 02 01 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   80: 00 00 00 00
00 00 00 00 C7 86 86 84 32 00 00 00  ............2...
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   96: 55 0E D9 3E
00 00 00 00 00 00 00 00 00 00 00 00  U..>............
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  112: FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  128: FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  144: A7 03 00 00
00 00 00 00 B0 04 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  160: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  176: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  192: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  208: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  224: 02 00 00 00
02 00 01 20 20 00 00 00 00 00 00 00  .......  .......
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  240: 58 00 02 00
61 65 73 00 00 00 00 00 00 00 00 00  X...aes.........
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  256: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  272: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  288: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  304: 00 00 00 00
80 00 00 00 52 87 F7 DB 2C DE 28 B3  ........R...,.(.
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  320: 94 A4 DA BE
B3 0F 47 19 5C 00 01 00 73 68 61 31  ......G.\...sha1
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  336: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  352: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  368: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  384: 00 00 00 00
00 00 00 00 00 00 00 00 A0 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  400: A3 44 E2 26
90 1F 47 4C 46 95 80 E7 BE F4 9B B7  .D.&..GLF.......
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  416: B0 B6 1D A0
1C 00 04 00 02 00 11 94 11 94 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  432: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] received netlink
error: Function not implemented (89)
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] unable to add SAD
entry with SPI c7868684
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] adding SAD entry
with SPI cb5fb0ca and reqid {2}
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   using encryption
algorithm AES_CBC with key size 128
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   using integrity
algorithm HMAC_SHA1_96 with key size 160
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] sending
XFRM_MSG_NEWSA: => 448 bytes @ 0x7d5ff670
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]    0: C0 01 00 00
10 00 05 00 D0 00 00 00 8F 0A 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   16: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   32: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   48: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   64: 00 00 00 00
00 00 00 00 55 0E D9 3E 00 00 00 00  ........U..>....
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   80: 00 00 00 00
00 00 00 00 CB 5F B0 CA 32 00 00 00  ........._..2...
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   96: A9 FE 02 01
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  112: FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  128: FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  144: 00 00 00 00
00 00 00 00 B0 04 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  160: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  176: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  192: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  208: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  224: 02 00 00 00
02 00 01 20 20 00 00 00 00 00 00 00  .......  .......
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  240: 58 00 02 00
61 65 73 00 00 00 00 00 00 00 00 00  X...aes.........
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  256: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  272: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  288: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  304: 00 00 00 00
80 00 00 00 55 2A EB BB 97 E6 F9 B6  ........U*......
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  320: 3D 16 C8 05
DE A6 2F 52 5C 00 01 00 73 68 61 31  =...../R\...sha1
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  336: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  352: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  368: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  384: 00 00 00 00
00 00 00 00 00 00 00 00 A0 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  400: 53 D7 28 1A
2F 15 2E 4A 26 B2 2D 8C 90 A0 E7 7B  S.(./..J&.-....{
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  416: FD 96 CC 0E
1C 00 04 00 02 00 11 94 11 94 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]  432: 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] received netlink
error: Function not implemented (89)
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] unable to add SAD
entry with SPI cb5fb0ca
Sep  3 00:14:36 router daemon.info syslog: 16[IKE] unable to install
inbound and outbound IPsec SA (SAD) in kernel
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] deleting SAD entry
with SPI c7868684
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] sending
XFRM_MSG_DELSA: => 40 bytes @ 0x7d5ff7b8
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]    0: 28 00 00 00
11 00 05 00 D1 00 00 00 8F 0A 00 00  (...............
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   16: A9 FE 02 01
00 00 00 00 00 00 00 00 00 00 00 00  ................
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   32: C7 86 86 84
02 00 32 00                          ......2.
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] deleted SAD entry
with SPI c7868684
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] deleting SAD entry
with SPI cb5fb0ca
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] sending
XFRM_MSG_DELSA: => 40 bytes @ 0x7d5ff7b8
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]    0: 28 00 00 00
11 00 05 00 D2 00 00 00 8F 0A 00 00  (...............
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   16: 55 0E D9 3E
00 00 00 00 00 00 00 00 00 00 00 00  U..>............
Sep  3 00:14:36 router daemon.info syslog: 16[KNL]   32: CB 5F B0 CA
02 00 32 00                          ._....2.
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] received netlink
error: No such process (3)
Sep  3 00:14:36 router daemon.info syslog: 16[KNL] unable to delete
SAD entry with SPI cb5fb0ca



Now the weird thing comes.. After I ran pluto once (and disabled
afterwards), charon can establish the connection.. It seems to be
related to the kernel_alg_register_pfkey() calls or something like
that. At least it didn't load further modules.
Whats wrong? How can I fix this without running pluto?

Thanks for advice,
Alex
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] Kernel NETKEY issue with charon

Reply via email to