Date: Sun, 12 May 2019 09:42:47 +0300 From: Alexandr Krivulya <shuriku@shurik.kiev.ua> To: koobs@FreeBSD.org, freebsd-current@FreeBSD.org Subject: Re: ipsec not working Message-ID: <95bf0c01-e6e8-4c4c-a151-78ce0e617220@shurik.kiev.ua> In-Reply-To: <fa46480f-837c-ad47-6101-fca61664d227@FreeBSD.org> References: <8922b0d4-3369-949f-edf5-861c743b8f7e@shurik.kiev.ua> <fa46480f-837c-ad47-6101-fca61664d227@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok, thank you. 12.05.19 09:35, Kubilay Kocak пишет: > On 12/05/2019 4:20 pm, Alexandr Krivulya wrote: >> Hi, >> after upgrading from r347050 to r347483 ipsec tunel on my notebook >> does not work any more. Connection is established as usual but no >> policies are installed. >> >> 2019-05-12 09:12:10 00[DMN] Starting IKE charon daemon (strongSwan >> 5.7.2, FreeBSD 13.0-CURRENT, amd64) >> 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: >> Protocol not available >> 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed >> 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: >> Protocol not available >> 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed >> 2019-05-12 09:12:10 00[KNL] unable to set UDP_ENCAP: Invalid argument >> 2019-05-12 09:12:10 00[NET] enabling UDP decapsulation for IPv6 on >> port 4500 failed >> 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: >> Protocol not available >> 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed >> 2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket: >> Protocol not available >> 2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed >> 2019-05-12 09:12:10 00[KNL] unable to set UDP_ENCAP: Protocol not >> available >> 2019-05-12 09:12:10 00[NET] enabling UDP decapsulation for IPv4 on >> port 4500 failed >> >> ... >> >> 2019-05-12 09:12:10 01[CFG] <ikev2-client|1> selected proposal: >> ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ >> 2019-05-12 09:12:10 01[KNL] <ikev2-client|1> unable to add SAD entry >> with SPI c96b2b97: Invalid argument (22) >> 2019-05-12 09:12:10 01[KNL] <ikev2-client|1> unable to add SAD entry >> with SPI cc951335: Invalid argument (22) >> 2019-05-12 09:12:10 01[IKE] <ikev2-client|1> unable to install >> inbound and outbound IPsec SA (SAD) in kernel >> 2019-05-12 09:12:10 01[IKE] <ikev2-client|1> failed to establish >> CHILD_SA, keeping IKE_SA > > See: > > https://svnweb.freebsd.org/changeset/base/347410 > > Ongoing thread: > > https://lists.freebsd.org/pipermail/svn-src-head/2019-May/124878.html >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95bf0c01-e6e8-4c4c-a151-78ce0e617220>