[Openswan Users] [strongSwan] ERROR: netlink response for Add SA esp.383251e8 at included errno 93: Protocol not supported

Michael H. Warfield mhw at WittsEnd.com
Wed Dec 29 20:24:43 EST 2010

On Thu, 2010-12-30 at 02:51 +0100, Martin Mokrejs wrote:
> Michael H. Warfield wrote:
> > Hello,
> > 
> > On Thu, 2010-12-30 at 00:40 +0100, Martin Mokrejs wrote:
> > The next obvious question is...  That bug is predicated on having IPv6
> > disabled.  Have you somehow disabled IPv6 for some reason?  If so, WHY?
> > The time for IPv4-only is now long past.  IANA is about to assign out
> > the last IPv4 blocks it has and we're done.  I just flat out don't
> > operate without IPv6 (and I have enough IPv6 only resources I depend on
> > that I couldn't even if I wanted to).  I probably will NOT be able to
> > help you if you are running with v6 disabled and have to for some
> > strange reason.  It's no longer a viable configuration in my
> > environment.

> /usr/share/doc/openswan-2.6.32/html/kernel.html

> <quote>
>                              IPv6
>                                      [optional] FreeS/WAN does not currently
>                                      support IPv6, though work on integrating
>                                      FreeS/WAN with the Linux IPv6 stack has
>                                      begun. Details.
>                                      It should be possible to use IPv4
>                                      FreeS/WAN on a machine which also does
>                                      IPv6. This combination is not yet well
>                                      tested. We would be quite interested in
>                                      hearing results from anyone expermenting
>                                      with it, via the mailing list.

>                                      We do not recommend using IPv6 on
>                                      production FreeS/WAN gateways until more
>                                      testing has been done.
> </quote>

Strange...  Just installed Openswan 2.6.32 and the doco on one of my
server by rebuilding the rpm's on Fedora 14 and updating.  I don't have
that file.
Important thing to note is that it's "kernel.html" but Netkey is using
the native kernel stack, NOT the KLIPs IPsec stack to which this file is
referring (the old FreeS/WAN stack).  That entire file is NOT relevant
to the Netkey stack and should be disregarded.

Paul!  Can we get this clarified in the documentation please?  This is
just entirely wrong for the Netkey mode of operation.

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20101229/fc55646b/attachment-0001.bin 

More information about the Users mailing list