Hi, I am seeing CHILD_SA failure in the IPv6 case (strongswan-5.0.1, Linux kernel 2.6.34) due to received netlink error: Protocol not supported (93). I have included the log below. I have searched the old threads and found [1], which suggests something related to IPComp. I have never turned this option on, but I then turned it off anyway in ipsec.conf. This does not help. I then found other threads [2] and [3], which talked about enabling IPv6 on Linux. My Linux box already has IPv6 enabled and is receiving and sending IKEv2 messages through its IPv6 interface: eth0 (please see the log below).
Is there still something missing in my kernel which I need to build in or turn on?

Thank you!
Robert

email threads:
[1]: http://wiki.strongswan.org/issues/183
[2]: https://lists.strongswan.org/pipermail/users/2008-November/002915.html
[3]: https://lists.strongswan.org/pipermail/users/2008-October/002782.html

server log:
charon: 00[KNL] detected Linux 2.6.34, no support for RTA_PREFSRC for IPv6 routes <--- not sure if this is also an error?
........
charon: 13[NET] received packet: from 2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500] to 2002:c023:9c17:2c0::a2a:7064[4500]
charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR6 DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
........
charon: 13[KNL] adding SAD entry with SPI c9e5baf2 and reqid {1} (mark 0/0x00000000)
charon: 13[KNL] using encryption algorithm AES_CBC with key size 128
charon: 13[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
charon: 13[KNL] using replay window of 32 packets
charon: 13[KNL] received netlink error: Protocol not supported (93)
charon: 13[KNL] unable to add SAD entry with SPI c9e5baf2
charon: 13[KNL] adding SAD entry with SPI c85caae7 and reqid {1} (mark 0/0x00000000)
charon: 13[KNL] using encryption algorithm AES_CBC with key size 128
charon: 13[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
charon: 13[KNL] using replay window of 32 packets
charon: 13[KNL] received netlink error: Protocol not supported (93)
charon: 13[KNL] unable to add SAD entry with SPI c85caae7
charon: 13[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
charon: 13[IKE] failed to establish CHILD_SA, keeping IKE_SA
charon: 13[KNL] deleting SAD entry with SPI c9e5baf2 (mark 0/0x00000000)
charon: 13[KNL] deleted SAD entry with SPI c9e5baf2 (mark 0/0x00000000)
charon: 13[KNL] deleting SAD entry with SPI c85caae7 (mark 0/0x00000000)
charon: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH CP(ADDR6 DNS DNS6 DHCP DHCP6) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(NO_PROP) ]
charon: 13[NET] sending packet: from 2002:c023:9c17:2c0::a2a:7064[4500] to 2002:c023:9c17:21c:21b:78ff:fee0:6ba4[4500]
