Hi all,

I'm running libreswan 3.15 on centos 7. I'm trying to set up an IPv6-in-IPv4 tunnel according to the following configuration:

version 2.0
config setup
        protostack=klips
        interfaces="ipsec0=eth0"

conn mytunnel
        authby=secret
        right=10.48.28.60
        left=10.48.28.70
        rightsubnet=2001:470:dc8c:5000::/64
        leftsubnet=2001:470:dc8c:4000::/64
        connaddrfamily=ipv6
        type=tunnel
        pfs=yes

The SAs are created as expected:

000 Total IPsec connections: loaded 1, active 1
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(2), authenticated(2), anonymous(0)
000
000 #3: "mytunnel":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 24662s; isakmp#2; idle; import:not set
000 #3: "mytunnel" [email protected] [email protected] [email protected] [email protected] ref=0 refhim=4294901761 Traffic:! ESPmax=4194303B
000 #4: "mytunnel":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 24181s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #4: "mytunnel" used 2678s ago; [email protected] [email protected] [email protected] [email protected] ref=0 refhim=4294901761 Traffic:! ESPmax=4194303B
000 #5: "mytunnel":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1378s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
000 Bare Shunt list:
000

Sending and receiving ICMPv6 and UDP traffic between the two subnets works. I have trouble with TCP connections. E.g. when starting a new ssh connection from the host 2001:470:dc8c:4000::20 (centos 7) to the host 2001:470:dc8c:5000::20 (centos 7), several of these KLIPS errors are printed in the kernel log (on both gateways):

[ 1731.562351] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19 available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen, please report.
[ 1731.768707] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19 available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen, please report.
[ 1731.975623] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19 available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen, please report.

No ssh login prompt is displayed on the client end. I've tried ftp with a similar result. Bumping to libreswan 3.16 doesn't help.

Doing IPv4-in-IPv6 tunnel works fine. No KLIPS errors when using TCP.

Any ideas?

Thanks in advance,

/Erik
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
