Hello,
I'm currently installing strongSwan on an embedded internet router. I
loaded all necessary modules before running ipsec start. After ipsec
start (charon only) these ipsec-related modules are loaded (manually
or by ipsec start):

Module                  Size  Used by    Tainted: P
deflate                 2826  0
twofish                 8012  0
twofish_common         45187  1 twofish
serpent                24166  0
blowfish                9297  0
ecb                     3063  0
sha256                  9422  0
xfrm_user              23474  0
xfrm4_tunnel            1932  0
ipcomp                  6066  0
esp4                    6637  0
ah4                     5581  0
af_key                 34747  0
xfrm4_mode_transport    1944  0
xfrm4_mode_tunnel       2592  0
ipip                    9620  0
tunnel4                 2579  2 xfrm4_tunnel,ipip
hmac                    4076  0
crypto_hash             1508  1 hmac
sha1                    2317  0
md5                     4815  0
cbc                     4046  0
blkcipher               4679  2 ecb,cbc
des                    19392  0
aes                    29627  0
cryptomgr               2807  0
crypto_algapi          11055  13 deflate,twofish,serpent,blowfish,ecb,sha256,hmac,sha1,md5,cbc,des,aes,cryptomgr

But when I start my connection now, it gives me this error message:
IKE_SA bla[1] established between [X]...[Y]
installing new virtual IP 10.3.0.1
received netlink error: Function not implemented (89)
unable to add SAD entry with SPI c9146f03
received netlink error: Function not implemented (89)
unable to add SAD entry with SPI cfab2a52
unable to install inbound and outbound IPsec SA (SAD) in kernel
Syslog records this:
Sep 3 00:14:36 router daemon.info syslog: 14[CFG] received stroke: initiate 'bla'
Sep 3 00:14:36 router daemon.info syslog: 12[IKE] establishing CHILD_SA bla
Sep 3 00:14:36 router authpriv.info syslog: 12[IKE] establishing CHILD_SA bla
Sep 3 00:14:36 router daemon.info syslog: 12[KNL] getting SPI for reqid {2}
Sep 3 00:14:36 router daemon.info syslog: 12[KNL] sending XFRM_MSG_ALLOCSPI: => 248 bytes @ 0x7ddff768
Sep 3 00:14:36 router daemon.info syslog: 12[KNL] got SPI c7868684 for reqid {2}
Sep 3 00:14:36 router daemon.info syslog: 12[ENC] generating CREATE_CHILD_SA request 2 [ SA No TSi TSr ]
Sep 3 00:14:36 router daemon.info syslog: 12[NET] sending packet: from 169.254.2.1[4500] to 85.14.217.62[4500]
Sep 3 00:14:36 router daemon.info syslog: 16[NET] received packet: from 85.14.217.62[4500] to 169.254.2.1[4500]
Sep 3 00:14:36 router daemon.info syslog: 16[ENC] parsed CREATE_CHILD_SA response 2 [ SA No TSi TSr ]
Sep 3 00:14:36 router daemon.info syslog: 16[KNL] adding SAD entry with SPI c7868684 and reqid {2}
Sep 3 00:14:36 router daemon.info syslog: 16[KNL] using encryption algorithm AES_CBC with key size 128
Sep 3 00:14:36 router daemon.info syslog: 16[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Sep 3 00:14:36 router daemon.info syslog: 16[KNL] sending XFRM_MSG_UPD