Hi,
While trying to use strongswan for net-net scenario, I am
facing following error:
[root@P1024RDB /root]# ipsec up net-net
initiating IKE_SA net-net[2] to 200.200.200.20
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 200.200.200.10[500] to 200.200.200.20[500]
received packet: from 200.200.200.20[500] to 200.200.200.10[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ
N(MULT_AUTH) ]
received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
authentication of '200.200.200.10' (myself) with pre-shared key
establishing CHILD_SA net-net
unable to allocate SPIs from kernel
I have compiled all the modules, which was suggested in
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
I am still facing the problem.
My ipsec.conf is as follows:
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="chd 4, knl 4"
crlcheckinterval=180
strictcrlpolicy=no
plutostart=no
conn %default
pfs=no
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
type=tunnel
auth=esp
compress=no
mobike=no
ike=3des-sha1-md5-modp1024!
esp=aes128-3des-sha1-md5!
conn net-net
authby=secret
left=200.200.200.10
leftsubnet=192.168.1.0/24
leftfirewall=yes
right=200.200.200.20
rightsubnet=192.168.2.0/24
auto=add
Please help
Regards,
Hemant
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
