Hi, >>>> [IKE] unable to allocate SPIs from kernel >>> >>> Unfortunately, the stock N900 kernel does not support the required IPsec >>> modules. You'll have to install the "kernel-power" [1] package. It seems >>> that such a hint is missing on our wiki page, I'll fix that. >> >> Hm, that's strange since the Maemo strongswan package actually has a >> dependency on kernel-power (>= 2.6.28-maemo42). Peter, did you restart >> your device after installing the packages? > > That's it, installing the "kernel-power" [1] package, solves the issue > with "unable to allocate SPIs from kernel" on the device.
Although, I'm able to establish vpn-connection with "EAP NetworkManager Client", I'm not able to connect with my N900 Device to our strongSwan gateway. Something seems to be wrong with the gateway peer config. Both clients(n900 and EAP NM) are configured with the "gateway-certificate". The "Subject Alternative Name" of the gateway-certificate is "email:[email protected]" here is the gateway peer-config: conn eap-intern ike=aes256-sha1-modp1024! esp=aes256-sha1! rekey=no left=10.1.0.2 leftsubnet=0.0.0.0/0 leftauth=pubkey leftcert=cert.pem [email protected] rightauth=eap-radius rightsendcert=never eap_identity=%any auto=add here is the gateway-log, when I try to connect with the n900 device: 08[NET] received packet: from 10.205.1.129[4500] to 10.1.0.2[4500] 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] [CFG] looking for peer configs matching 10.1.0.2[vpn.server.de]...10.205.1.129[wipe@mopo] 08[CFG] no matching peer config found ... 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] here the gateway-log, when I connect with "EAP NetworkManager" Client: 04[CFG] looking for peer configs matching 10.1.0.2[C=DE, O=MoPo WLAN Uni Freiburg, CN=vpn.server.de]...10.205.1.1[wipe@mopo] 04[CFG] candidate "eap-intern", match: 20/1/5 (me/other/ike) 04[CFG] selected peer config 'mopo-eap-intern' 04[IKE] initiating EAP-Identity request ... 04[IKE] authentication of 'C=DE, O=MoPo WLAN Uni Freiburg, CN=vpn.server.de' (myself) with RSA signature successful 04[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ] ... 14[IKE] received EAP identity 'wipe@mopo' ... 14[IKE] initiating EAP_RADIUS method 14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ] ... 08[IKE] authentication of 'wipe@mopo' with EAP successful .... Maybe this issue deals with the "SubjectAltName", configured in the gateway-certificate? Thanks for any help! peter _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
