Date: Sun, 12 May 2019 16:35:55 +1000 From: Kubilay Kocak <koobs@FreeBSD.org> To: Alexandr Krivulya <shuriku@shurik.kiev.ua>, freebsd-current@FreeBSD.org Subject: Re: ipsec not working Message-ID: <fa46480f-837c-ad47-6101-fca61664d227@FreeBSD.org> In-Reply-To: <8922b0d4-3369-949f-edf5-861c743b8f7e@shurik.kiev.ua> References: <8922b0d4-3369-949f-edf5-861c743b8f7e@shurik.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/05/2019 4:20 pm, Alexandr Krivulya wrote: > Hi, > after upgrading from r347050 to r347483 ipsec tunel on my notebook does > not work any more. Connection is established as usual but no policies > are installed. > > 2019-05-12 09:12:10 00[DMN] Starting IKE charon daemon (strongSwan > 5.7.2, FreeBSD 13.0-CURRENT, amd64) > 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: > Protocol not available > 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed > 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: > Protocol not available > 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed > 2019-05-12 09:12:10 00[KNL] unable to set UDP_ENCAP: Invalid argument > 2019-05-12 09:12:10 00[NET] enabling UDP decapsulation for IPv6 on port > 4500 failed > 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: > Protocol not available > 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed > 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: > Protocol not available > 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed > 2019-05-12 09:12:10 00[KNL] unable to set UDP_ENCAP: Protocol not available > 2019-05-12 09:12:10 00[NET] enabling UDP decapsulation for IPv4 on port > 4500 failed > > ... > > 2019-05-12 09:12:10 01[CFG] <ikev2-client|1> selected proposal: > ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ > 2019-05-12 09:12:10 01[KNL] <ikev2-client|1> unable to add SAD entry > with SPI c96b2b97: Invalid argument (22) > 2019-05-12 09:12:10 01[KNL] <ikev2-client|1> unable to add SAD entry > with SPI cc951335: Invalid argument (22) > 2019-05-12 09:12:10 01[IKE] <ikev2-client|1> unable to install inbound > and outbound IPsec SA (SAD) in kernel > 2019-05-12 09:12:10 01[IKE] <ikev2-client|1> failed to establish > CHILD_SA, keeping IKE_SA See: https://svnweb.freebsd.org/changeset/base/347410 Ongoing thread: https://lists.freebsd.org/pipermail/svn-src-head/2019-May/124878.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fa46480f-837c-ad47-6101-fca61664d227>