On 12/05/2019 4:20 pm, Alexandr Krivulya wrote:
Hi,
after upgrading from r347050 to r347483 ipsec tunel on my notebook does
not work any more. Connection is established as usual but no policies
are installed.
2019-05-12 09:12:10 00[DMN] Starting IKE charon daemon (strongSwan
5.7.2, FreeBSD 13.0-CURRENT, amd64)
2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket:
Protocol not available
2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed
2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket:
Protocol not available
2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed
2019-05-12 09:12:10 00[KNL] unable to set UDP_ENCAP: Invalid argument
2019-05-12 09:12:10 00[NET] enabling UDP decapsulation for IPv6 on port
4500 failed
2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket:
Protocol not available
2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed
2019-05-12 09:12:10 00[KNL] unable to set IPSEC_POLICY on socket:
Protocol not available
2019-05-12 09:12:10 00[NET] installing IKE bypass policy failed
2019-05-12 09:12:10 00[KNL] unable to set UDP_ENCAP: Protocol not available
2019-05-12 09:12:10 00[NET] enabling UDP decapsulation for IPv4 on port
4500 failed
...
2019-05-12 09:12:10 01[CFG] <ikev2-client|1> selected proposal:
ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
2019-05-12 09:12:10 01[KNL] <ikev2-client|1> unable to add SAD entry
with SPI c96b2b97: Invalid argument (22)
2019-05-12 09:12:10 01[KNL] <ikev2-client|1> unable to add SAD entry
with SPI cc951335: Invalid argument (22)
2019-05-12 09:12:10 01[IKE] <ikev2-client|1> unable to install inbound
and outbound IPsec SA (SAD) in kernel
2019-05-12 09:12:10 01[IKE] <ikev2-client|1> failed to establish
CHILD_SA, keeping IKE_SA
See:
https://svnweb.freebsd.org/changeset/base/347410
Ongoing thread:
https://lists.freebsd.org/pipermail/svn-src-head/2019-May/124878.html
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"