Karthikeyan G-TLS,Chennai
2009-01-19 08:27:07 UTC
Hello,
I am trying to establish a tunnel between two hosts using null
encryption in ESP.
I did the configuration given in
http://www.strongswan.org/uml/testresults42/ikev2/esp-alg-null/
I am getting the following errors when I try to stroke up the
connection (testing):
Carol console error:
[***@HDCHCTVDVP1757 etc]# /usr/local/sbin/ipsec stroke up testing
initiating IKE_SA testing[1] to 10.100.12.198
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.100.12.21[500] to 10.100.12.198[500]
received packet: from 10.100.12.198[500] to 10.100.12.21[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ ]
received cert request for "C=IN, ST=TN, L=che, O=HCL, OU=HCL1,
CN=host212, E=mail"
sending cert request for "C=IN, ST=TN, L=che, O=HCL, OU=HCL1,
CN=host212, E=mail"
authentication of 'C=IN, ST=TN, L=che, O=HCL, OU=HCL1, CN=host212,
E=mail' (myself) with RSA signature successful
establishing CHILD_SA testing
generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH SA TSi TSr
N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
sending packet: from 10.100.12.21[4500] to 10.100.12.198[4500]
received packet: from 10.100.12.198[4500] to 10.100.12.21[4500]
parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(NO_PROP) ]
using trusted certificate "C=IN, ST=TN, L=che, O=HCL, OU=HCL1,
CN=host212, E=mail"
authentication of 'C=IN, ST=TN, L=che, O=HCL, OU=HCL1, CN=host212,
E=mail' with RSA signature successful
scheduling reauthentication in 10035s
maximum IKE_SA lifetime 10575s
IKE_SA testing[1] established between 10.100.12.21[C=IN, ST=TN, L=che,
O=HCL, OU=HCL1, CN=host212, E=mail]...10.100.12.198[C=IN, ST=TN, L=che,
O=HCL, OU=HCL1, CN=host212, E=mail]
received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
moon console output:
[***@CELESTICARRH-CVS etc]# /usr/local/sbin/ipsec stroke up testing
initiating IKE_SA testing[1] to 10.100.12.21
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.100.12.198[500] to 10.100.12.21[500]
retransmit 1 of request with message ID 0
sending packet: from 10.100.12.198[500] to 10.100.12.21[500]
retransmit 2 of request with message ID 0
sending packet: from 10.100.12.198[500] to 10.100.12.21[500]
received packet: from 10.100.12.21[500] to 10.100.12.198[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ ]
received cert request for "C=IN, ST=TN, L=che, O=HCL, OU=HCL1,
CN=host212, E=mail"
received cert request for unknown ca with keyid
26:2e:c1:84:56:c4:7f:51:11:76:75:e4:6f:f7:24:62:1e:04:04:34
sending cert request for "C=IN, ST=TN, L=che, O=HCL, OU=HCL1,
CN=host212, E=mail"
authentication of 'C=IN, ST=TN, L=che, O=HCL, OU=HCL1, CN=host212,
E=mail' (myself) with RSA signature successful
establishing CHILD_SA testing
generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH SA TSi TSr
N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
sending packet: from 10.100.12.198[4500] to 10.100.12.21[4500]
received packet: from 10.100.12.21[4500] to 10.100.12.198[4500]
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT)
N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
using trusted certificate "C=IN, ST=TN, L=che, O=HCL, OU=HCL1,
CN=host212, E=mail"
authentication of 'C=IN, ST=TN, L=che, O=HCL, OU=HCL1, CN=host212,
E=mail' with RSA signature successful
scheduling reauthentication in 9722s
maximum IKE_SA lifetime 10262s
IKE_SA testing[1] established between 10.100.12.198[C=IN, ST=TN, L=che,
O=HCL, OU=HCL1, CN=host212, E=mail]...10.100.12.21[C=IN, ST=TN, L=che,
O=HCL, OU=HCL1, CN=host212, E=mail]
received netlink error: Function not implemented (38)
unable to add SAD entry with SPI c9e381ab
unable to install IPsec SA (SAD) in kernel
Can you please give some solution for the errors?
Thanks
Karthik
DISCLAIMER:
-----------------------------------------------------------------------------------------------------------------------
The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only.
It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in
this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates.
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of
this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have
received this email in error please delete it and notify the sender immediately. Before opening any mail and
attachments please check them for viruses and defect.
-----------------------------------------------------------------------------------------------------------------------