[Swan] klips_error:ipsec_xmit_encap_init
Paul Wouters
paul at nohats.ca
Tue Feb 23 22:03:04 UTC 2016
On Mon, 22 Feb 2016, Erik Andersson wrote:
> Subject: [Swan] klips_error:ipsec_xmit_encap_init
> right=10.48.28.60
> left=10.48.28.70
> rightsubnet=2001:470:dc8c:5000::/64
> leftsubnet=2001:470:dc8c:4000::/64
> connaddrfamily=ipv6
> Sending and receiving ICMPv6 and UDP traffic between the two subnets work.
> I've trouble with TCP connections. E.g. when starting a new ssh connection
> from the the host 2001:470:dc8c:4000::20 (centos 7) to the host
> 2001:470:dc8c:5000::20 (centos 7) several of these KLIPS errors are printed
> in the kernel log (on both gateways):
>
> [ 1731.562351] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19
> available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen,
> please report.
> [ 1731.768707] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19
> available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen,
> please report.
> [ 1731.975623] klips_error:ipsec_xmit_encap_init: tried to skb_put 29, 19
> available. Retuning IPSEC_XMIT_ESP_PUSHPULLERR This should never happen,
> please report.
David might know more about this.
> Doing IPv4-in-IPv6 tunnel works fine. No KLIPS errors when using TCP.
Is there a compelling reason for you to prefer KLIPS over NETKEY/XFRM ?
Paul
More information about the Swan
mailing list