[Swan] klips_error:ipsec_xmit_encap_init
Erik Andersson
erik at ingate.com
Mon Feb 22 17:12:20 UTC 2016
Hi all,

I'm running libreswan 3.15 on centos 7. I'm trying to set up an
IPv6-in-IPv4 tunnel according to the following configuration:

version 2.0

config setup
    protostack=klips
    interfaces="ipsec0=eth0"

conn mytunnel
    authby=secret
    right=10.48.28.60
    left=10.48.28.70
    rightsubnet=2001:470:dc8c:5000::/64
    leftsubnet=2001:470:dc8c:4000::/64
    connaddrfamily=ipv6
    type=tunnel
    pfs=yes

The SAs are created as expected:

000 Total IPsec connections: loaded 1, active 1
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(2), authenticated(2), anonymous(0)
000
000 #3: "mytunnel":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 24662s; isakmp#2; idle; import:not set
000 #3: "mytunnel" esp.fc8b8f41 at 10.48.28.70 esp.a951a5fa at 10.48.28.60 tun.1000 at 10.48.28.70 tun.1001 at 10.48.28.60 ref=0 refhim=4294901761 Traffic:! ESPmax=4194303B
000 #4: "mytunnel":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 24181s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #4: "mytunnel" used 2678s ago; esp.fc8b8f42 at 10.48.28.70 esp.a951a5fb at 10.48.28.60 tun.1002 at 10.48.28.70 tun.1003 at 10.48.28.60 ref=0 refhim=4294901761 Traffic:! ESPmax=4194303B
000 #5: "mytunnel":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1378s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
000 Bare Shunt list:
000

Sending and receiving ICMPv6 and UDP traffic between the two subnets
works. I have trouble with TCP connections. E.g. when starting a new ssh
connection from the host 2001:470:dc8c:4000::20 (centos 7) to the
host 2001:470:dc8c:5000::20 (centos 7), several of these KLIPS errors are
printed in the kernel log (on both gateways):

[ 1731.562351] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19 available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen, please report.
[ 1731.768707] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19 available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen, please report.
[ 1731.975623] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19 available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen, please report.

No ssh login prompt is displayed on the client end. I've tried ftp with
a similar result. Bumping to libreswan 3.16 doesn't help.

Doing an IPv4-in-IPv6 tunnel works fine. No KLIPS errors when using TCP.

Any ideas?

Thanks in advance,
/Erik