Hi Noel, Thanks for the help. These are the log messages: http://pastebin.com/QjsA0XW2 <http://pastebin.com/QjsA0XW2>
> On Jun 25, 2015, at 1:45 AM, Noel Kuntze <[email protected]> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello Glen, > > No, they are not. There are different key exchanges and algorithm > negotiations for IKE and the subsequent SA pairs. > You need to configure a file logger[1] and look at the logs to figure out > what algos are negotiated for the IPsec SAs. > > Use those options for the file logger: > default = 3 > mgr = 1 > ike = 1 > net = 1 > enc = 0 > cfg = 2 > asn = 1 > job = 1 > knl = 1 > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 24.06.2015 um 19:42 schrieb Glen Huang: >> Thank you. How do i check what algorithms are negotiated? Are those the "IKE >> proposal" from ipsec statusall? >> >> If so, they are "3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536", which ones >> do you think are missing from the lsmod list? >> >>> On Jun 25, 2015, at 1:36 AM, Noel Kuntze <[email protected]> wrote: >>> >>> >> Hello Glen, >> >> You obviously also need kernel support for the algorithms >> that are negotiated for the IPsec SAs. >> Check what algorithms are negotitated and then load the corresponding >> kernel module. >> >> Mit freundlichen Grüßen/Kind Regards, >> Noel Kuntze >> >> GPG Key ID: 0x63EC6658 >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> >> Am 24.06.2015 um 19:30 schrieb Glen Huang: >>>>> Hi, >>>>> >>>>> I'm trying to establish a ikev1 transport SA, but it failed with error >>>>> like "received netlink error: Function not implemented (89)", I guess it >>>>> might be that some algo module or kernel module is missing? >>>>> >>>>> ipsec.conf >>>>> http://pastebin.com/WsBDWvCC >>>>> >>>>> messages from ipsec up >>>>> http://pastebin.com/iDxisnVt >>>>> >>>>> ipsec statusall >>>>> http://pastebin.com/CH6bQGYL >>>>> >>>>> output of lsmod >>>>> http://pastebin.com/7NJD0Mxa >>>>> >>>>> I have googled as hard as I can't, but didn't find any thing useful. I >>>>> tried kernel-libipsec, but unfortunately it doesn't support transport >>>>> mode. So I'm at my wits end. Could some one help me identify the missing >>>>> part? >>>>> >>>>> Thanks in advance. >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> [email protected] >>>>> https://lists.strongswan.org/mailman/listinfo/users >> >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> https://lists.strongswan.org/mailman/listinfo/users >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJViuzOAAoJEDg5KY9j7GZYpgcP/1DMKUt952SyFsSMOksR9CQJ > NUX0ieuBV/yVjW7N++28p7wlcCts1Mm143zAI3mjR2/YT2YujvjvItS1P1fHUyJ/ > EtthBFqcqSvPAlGwJClCBqHvRfHP7k7NXi7GLF6pMTxtY3hPKBKQAn8m4wqaY+NU > G4OFoT0l/cCLbdQsrf87jJ01Xp74dkpncl3hexhTnyfFjJOysrvxC7BYYmYOYmu9 > AiZW3YS9byXYDLTfwfo/H//m/GeCpQcQHp0uAXkGEVB77i9GIlFvAj0lGPb9/cuN > mcqHn9AFXiKr71jAVWOYX3eCN2WqbJOO1y9JJq9WD+syx3dGyKlVa/w6c+xE8tTm > w62fLUE0sXGdtRK4FOT+q4PtH2QuY5IP16l+Y93LQl9+f8nz6Pe3Rmn4X29h4maD > C9DIxc9Gecw/b9g/kxTyjCf41UxuLpRg0CZ1JYsVhaEEYgk7LcKlrAT9fc2QWhTK > Kp5tIOzeHkiQ9sWdyTIsLS8yJlHUXKmwXUQ3nfLRi1IJPkc+Sggs6nlebR+vW7zE > DrlUMMQnye69v+MAxMBHzHDDzH1PNGtbXbojwbtoPXDjnG2FGB7sPqJ2IY9qFf2J > fx2FRqocNPls20VQHWs9sQTOAweg9ptxKj1P7X5WZEYE7PC0FdKf3oZcqISfk5xw > o617eyUW0S3MVhW6I8TJ > =1Hvn > -----END PGP SIGNATURE----- >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
