Thanks! It worked. -----Original Message----- From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] Sent: Wednesday, June 08, 2011 4:36 PM To: Agrawal Hemant-B10814 Cc: Users@lists.strongswan.org Subject: Re: [strongSwan] unable to allocate SPIs from kernel
Hi Hemant, your are lacking the kernel_netlink plugin which is responsible for the communication with the Linux kernel. If you have an explicit plugin load list in strongswan.conf of the form charon { load = .. } then you must add kernel_netlink to this list. Regards Andreas On 06/08/2011 12:10 PM, Agrawal Hemant-B10814 wrote: > Hi Andreas, > > I am running linux 2.6.35 with strongswan 4.5.1 > > The result of ipsec status all is > ipsec statusall > Status of IKEv2 charon daemon (strongSwan 4.5.1): > uptime: 3 hours, siince Aug o28 12:02:36 2009 135168, mmap 0, used > 56928, free 78240 > worker threads: 11 idle of 16, job queue load: 0, scheduled events: > 0 > ns: aes edes sha1 sha2 md5 pem pkcs1 gmp random pubkey x509 revocation > hmac stroke socket-raw updown Listening IP addressses: > CIonnections: > net-nent: 200.200.200.20...200.200.200.10 > net-ne.t: loc al: [200.200.200.20] uses pre-shared keey > authenticationy > remote: [200.2 00.200.1:0] uses 0any authentication > net-net: child: 192.:168.2.0/24 === 192.168.12.0/24 > Security Associations: > None > > Regards, > Hemant > > -----Original Message----- > From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] > Sent: Wednesday, June 08, 2011 3:26 PM > To: Agrawal Hemant-B10814 > Cc: Users@lists.strongswan.org > Subject: Re: [strongSwan] unable to allocate SPIs from kernel > > Hello Hemant, > > execute "ipsec statusall" and post the list of loaded strongSwan plugins. > > Which Linux kernel and which strongSwan version are you using? > > Regards > > Andreas > > On 08.06.2011 09:14, Agrawal Hemant-B10814 wrote: >> Hi, >> >> While trying to use strongswan for net-net scenario, >> I am facing following error: >> >> [root@P1024RDB /root]# ipsec up net-net >> >> initiating IKE_SA net-net[2] to 200.200.200.20 >> >> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) >> ] >> >> sending packet: from 200.200.200.10[500] to 200.200.200.20[500] >> >> received packet: from 200.200.200.20[500] to 200.200.200.10[500] >> >> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) >> CERTREQ N(MULT_AUTH) ] >> >> received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" >> >> sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" >> >> authentication of '200.200.200.10' (myself) with pre-shared key >> >> establishing CHILD_SA net-net >> >> *unable to allocate SPIs from kernel* >> >> * * >> >> I have compiled all the modules, which was suggested in >> >> /http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules/ >> >> / / >> >> I am still facing the problem. >> >> My ipsec.conf is as follows: >> >> / / >> >> /# /etc/ipsec.conf - strongSwan IPsec configuration file/ >> >> / / >> >> /config setup/ >> >> / charondebug="chd 4, knl 4"/ >> >> / crlcheckinterval=180/ >> >> / strictcrlpolicy=no/ >> >> / plutostart=no/ >> >> / / >> >> /conn %default/ >> >> / pfs=no/ >> >> / ikelifetime=60m/ >> >> / keylife=20m/ >> >> / rekeymargin=3m/ >> >> / keyingtries=1/ >> >> / keyexchange=ikev2/ >> >> / type=tunnel/ >> >> / auth=esp/ >> >> / compress=no/ >> >> / mobike=no/ >> >> / ike=3des-sha1-md5-modp1024!/ >> >> / esp=aes128-3des-sha1-md5!/ >> >> /conn net-net/ >> >> / authby=secret/ >> >> / left=200.200.200.10/ >> >> / leftsubnet=192.168.1.0/24/ >> >> / leftfirewall=yes/ >> >> / right=200.200.200.20/ >> >> / rightsubnet=192.168.2.0/24/ >> >> / auto=add/ >> >> Please help >> >> Regards, >> >> Hemant > > ====================================================================== > Andreas Steffen andreas.stef...@strongswan.org > strongSwan - the Linux VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications University of > Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > > -- ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users