Tobias Brunner <tobias@...> writes: > > Hi Jay, > > > The IPV4 tunnel appears to be > > assigned whereas there is no IPV6 tunnel configured so none is assigned. > > The result is that the Android client deletes the connection since both > > requests aren't satisfied. > > No that's not the issue. It's perfectly fine to setup a tunnel for one > address family only. > > > 04[KNL] received netlink error: No such file or directory (2) > > 04[KNL] unable to add SAD entry with SPI c8489b44 > > 04[KNL] received netlink error: No such file or directory (2) > > 04[KNL] unable to add SAD entry with SPI 6c540958 > > 04[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel > > 04[IKE] failed to establish CHILD_SA, keeping IKE_SA > > This is the actual problem that causes the server to return a > NO_PROPOSAL_CHOSEN notify back to the client, which it then treats as a > failure: > > > 05[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built > > 05[IKE] closing IKE_SA due CHILD_SA setup failure > > Regarding the error returned by your kernel: > > > received netlink error: No such file or directory (2) > > I'm not sure what may cause it at that point. Most likely you are > missing some of the required kernel modules [1]. > > Regards, > Tobias > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules > >
Hi Tobias, that was a good observation. The culprit appeared to be "authenc". I did a "modprobe authenc" as pointed out by the post at "https://forum.openwrt.org/viewtopic.php?id=48447"; and that solved the issue. I now occasionally have an issue creating a tunnel on the android 4.4.2 client but that appears to be a well known issue by now so I'll hope that Android 4.4.4 is pushed out soon and solves that it. I really appreciate your help. Jay _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
