Hi,

The problem is caused by either the kernel lacking the modules or you
running strongSwan inside a container that does not have a working IPsec
stack. Try rebooting. If that does not help, try loading the required
modules manually.
The wiki elaborates on both of those problems in the way of listing the
names of the required modules[1] and discussing running strongSwan in the
cloud[2].

There is also a dedicated article[3] about asking for help, which gives
you guidance for helping yourself.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules#List-of-the-names-of-required-modules
[2] https://wiki.strongswan.org/projects/strongswan/wiki/Cloudplatforms
[3] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 26.09.2017 18:56, Olivier CALVANO wrote:
> StrongSwan is dead?
>
> No help of community
> No answer of Strongswan commercial support
>
>
>
>
> 2017-09-07 9:15 GMT+02:00 Olivier CALVANO <[email protected]>:
>
>     Hi
>
>     I have a problem on a new Site-to-Site configuration of Strongswan:
>
>
>     ipsec.conf:
>
>     config setup
>             charondebug="knl 2, cfg 2"
>
>     conn %default
>             ikelifetime=60m
>             keylife=20m
>             rekeymargin=3m
>             keyingtries=1
>             authby=secret
>             keyexchange=ikev1
>             mobike=no
>
>     conn Galioppee
>             left=192.168.1.254
>             leftsubnet=192.168.62.0/24
>             leftfirewall=no
>             leftid=192.168.1.254
>             leftauth=psk
>
>             right=172.16.1.254
>             rightsubnet=192.168.163.0/24
>             rightid=172.16.1.254
>             rightauth=psk
>
>             type=tunnel
>             auto=start
>             ikelifetime=28800
>             keylife=900
>             aggressive=no
>             ike=aes256-sha1-modp1536!
>             esp=aes256-sha1-modp1536!
>
>
>
>     I have changed "auto=start" to "add" or "route" but same problems.
>     server:
>
>     ifconfig
>     eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>             inet 192.168.1.254.11  netmask 255.255.255.0  broadcast 192.168.1.255
>
>     eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>             inet 172.20.22.233  netmask 255.255.255.248  broadcast 172.20.22.239
>
>     ipsec0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
>             unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
>             RX packets 0  bytes 0 (0.0 B)
>             RX errors 0  dropped 0  overruns 0  frame 0
>             TX packets 0  bytes 0 (0.0 B)
>             TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
>     route -n:
>
>     Kernel IP routing table
>     Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>     0.0.0.0         192.168.1.1.1    0.0.0.0         UG    100    0        0 eth1
>     172.20.22.232   0.0.0.0         255.255.255.248 U     100    0        0 eth2
>     192.168.62.0    172.20.22.238   255.255.255.0   UG    0      0        0 eth2
>     192.168.62.0    172.20.22.238   255.255.254.0   UG    0      0        0 eth2
>
>
>
>
>     In the logs I have:
>     Sep  6 17:34:43 irys01 charon: 12[ENC] parsed QUICK_MODE request 2463978021 [ HASH SA No KE ID ID ]
>     Sep  6 17:34:43 irys01 charon: 12[CFG] looking for a child config for 192.168.62.0/24 === 192.168.163.0/24
>     Sep  6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for us:
>     Sep  6 17:34:43 irys01 charon: 12[CFG]  192.168.62.0/24
>     Sep  6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for other:
>     Sep  6 17:34:43 irys01 charon: 12[CFG]  192.168.163.0/24
>     Sep  6 17:34:43 irys01 charon: 12[CFG]   candidate "Galioppee" with prio 5+5
>     Sep  6 17:34:43 irys01 charon: 12[CFG] found matching child config "Galioppee" with prio 10
>     Sep  6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for other:
>     Sep  6 17:34:43 irys01 charon: 12[CFG]  config: 192.168.163.0/24, received: 192.168.163.0/24 => match: 192.168.163.0/24
>     Sep  6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for us:
>     Sep  6 17:34:43 irys01 charon: 12[CFG]  config: 192.168.62.0/24, received: 192.168.62.0/24 => match: 192.168.62.0/24
>     Sep  6 17:34:43 irys01 charon: 12[CFG] selecting proposal:
>     Sep  6 17:34:43 irys01 charon: 12[CFG]   proposal matches
>     Sep  6 17:34:43 irys01 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
>     Sep  6 17:34:43 irys01 charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
>     Sep  6 17:34:43 irys01 charon: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
>     Sep  6 17:34:43 irys01 charon: 12[IKE] received 4608000000 lifebytes, configured 0
>     Sep  6 17:34:43 irys01 charon: 12[ENC] generating QUICK_MODE response 2463978021 [ HASH SA No KE ID ID ]
>     Sep  6 17:34:43 irys01 charon: 12[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (396 bytes)
>     Sep  6 17:34:43 irys01 charon: 13[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (60 bytes)
>     Sep  6 17:34:43 irys01 charon: 13[ENC] parsed QUICK_MODE request 2463978021 [ HASH ]
>     Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
>     Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
>     Sep  6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
>     Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
>     Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
>     Sep  6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
>     Sep  6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel
>     Sep  6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d
>     Sep  6 17:34:43 irys01 charon: 13[ENC] generating INFORMATIONAL_V1 request 4069478722 [ HASH D ]
>     Sep  6 17:34:43 irys01 charon: 13[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (76 bytes)
>     Sep  6 17:36:12 irys01 charon: 15[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (76 bytes)
>     Sep  6 17:36:12 irys01 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3827316135 [ HASH D ]
>     Sep  6 17:36:12 irys01 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 16bcc04d
>     Sep  6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored
>
>
>     Anyone know my errors?
>     thanks
>     olivier
>
>
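
A triage helper for the charon log lines quoted above, as an added example that is not part of the original thread or of strongSwan: it collects the KNL/IKE failure chain per worker thread and reports which local addresses fall inside the traffic selector charon names. The function name `triage`, the sample text (log lines unwrapped from the quote) and the local address list (taken from `left=` and the eth2 line) are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: charon lines from the quoted log, unwrapped.
SAMPLE_LOG = """\
Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
Sep  6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
Sep  6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel
Sep  6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d
Sep  6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored
"""
# Assumed local addresses for the example (left= and eth2 from the post).
LOCAL_ADDRS = ["192.168.1.254", "172.20.22.233"]

LINE = re.compile(r"charon: (?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)$")
NO_ADDR = re.compile(r"no local address found in traffic selector (\S+)")
ROUTE_ERR = re.compile(r"error installing route with policy (\S+) === (\S+) (in|out|fwd)")
SPD_FAIL = "unable to install IPsec policies (SPD) in kernel"
DELETE = re.compile(r"sending DELETE for ESP CHILD_SA with SPI ([0-9a-f]+)")


def triage(log_text, local_addrs):
    """Summarise CHILD_SA policy-install failures per charon worker thread."""
    seen = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        f = seen.setdefault(m["thread"], {"selectors": set(), "policies": set(),
                                          "spd_failed": False, "deleted_spis": []})
        msg = m["msg"]
        if (n := NO_ADDR.search(msg)):
            f["selectors"].add(n[1])
        elif (r := ROUTE_ERR.search(msg)):
            f["policies"].add((r[1], r[2], r[3]))
        elif SPD_FAIL in msg:
            f["spd_failed"] = True
        elif (d := DELETE.search(msg)):
            f["deleted_spis"].append(d[1])
    report = []
    for thread, f in seen.items():
        if not f["spd_failed"]:
            continue  # only threads where the SPD install actually failed
        # Local addresses inside each selector charon could not source from.
        inside = {s: [a for a in local_addrs
                      if ipaddress.ip_address(a) in ipaddress.ip_network(s)]
                  for s in f["selectors"]}
        report.append({"thread": thread, "policies": sorted(f["policies"]),
                       "local_in_selector": inside, "deleted_spis": f["deleted_spis"]})
    return report
```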
