The driver is already loaded, How do I enable it instead of kernel-libipsec.
any Jul 15 19:25:54 saturn charon: 00[LIB] loaded plugins: charon aes des blowfish r c2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr kernel- pfkey kernel-pfroute resolve socket-default stroke updown eap-identity eap-md5 e ap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock Regards, Randy On Fri, Jul 17, 2015 at 7:20 AM, Randy Wyatt <[email protected]> wrote: > Tobias, > > > On Fri, Jul 17, 2015 at 12:43 AM, Tobias Brunner <[email protected]> > wrote: > >> Hi Randy, >> >> > Jul 15 19:50:14 saturn charon: 01[KNL] can't install route for >> > 70.209.XXX.YYY/32[ >> > udp/l2f] === 104.236.XXX.YYY/32[udp/l2f] in, conflicts with IKE traffic >> >> You seem to be using the kernel-libipsec plugin. Why? Just use the >> kernel-pfkey and kernel-pfroute plugins. >> >> This package was installed from the binary (pkg install strongswan). > I will check and compile from source. > > > and the dmesg has the following error: >> > ipsec_common_input: no key association found for SA >> > 104.236.XXX.YYY/c5979d22/50 >> >> That's because the kernel has no knowledge of any IPsec SAs as the >> kernel-libipsec plugin creates them in userland. >> >> > How do I resolve this? It's for L2TP, and I have no choice. >> >> How so? What's your client? >> > Windows 7. I only have to support 1 client at a time. I am moving all > services to a cheaper box. > > >> >> Regards, >> Tobias >> >> > Thank you, > Regards, > Randy > > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
