[Openswan Users] [strongSwan] ERROR: netlink response for Add SA esp.383251e8 at 10.19.156.242 included errno 93: Protocol not supported

Michael H. Warfield mhw at WittsEnd.com
Wed Dec 29 20:30:59 EST 2010 

On Wed, 2010-12-29 at 20:24 -0500, Michael H. Warfield wrote:
> On Thu, 2010-12-30 at 02:51 +0100, Martin Mokrejs wrote:
> > Michael H. Warfield wrote:
> > > Hello,
> > > 
> > > On Thu, 2010-12-30 at 00:40 +0100, Martin Mokrejs wrote:
> > 
> > > The next obvious question is...  That bug is predicated on having IPv6
> > > disabled.  Have you somehow disabled IPv6 for some reason?  If so, WHY?
> > > The time for IPv4-only is now long past.  IANA is about to assign out
> > > the last IPv4 blocks it has and we're done.  I just flat out don't
> > > operate without IPv6 (and I have enough IPv6 only resources I depend on
> > > that I couldn't even if I wanted to).  I probably will NOT be able to
> > > help you if you are running with v6 disabled and have to for some
> > > strange reason.  It's no longer a viable configuration in my
> > > environment.
> 
> > /usr/share/doc/openswan-2.6.32/html/kernel.html
> 
> > <quote>
> >                              IPv6
> >                                      [optional] FreeS/WAN does not currently
> >                                      support IPv6, though work on integrating
> >                                      FreeS/WAN with the Linux IPv6 stack has
> >                                      begun. Details.
> > 
> >                                      It should be possible to use IPv4
> >                                      FreeS/WAN on a machine which also does
> >                                      IPv6. This combination is not yet well
> >                                      tested. We would be quite interested in
> >                                      hearing results from anyone expermenting
> >                                      with it, via the mailing list.
> 
> >                                      We do not recommend using IPv6 on
> >                                      production FreeS/WAN gateways until more
> >                                      testing has been done.
> > </quote>
> 
> Strange...  Just installed Openswan 2.6.32 and the doco on one of my
> server by rebuilding the rpm's on Fedora 14 and updating.  I don't have
> that file.

> Important thing to note is that it's "kernel.html" but Netkey is using
> the native kernel stack, NOT the KLIPs IPsec stack to which this file is
> referring (the old FreeS/WAN stack).  That entire file is NOT relevant
> to the Netkey stack and should be disregarded.

Thinking about this then, this does present a third option to you.  Drop
the use of Netkey entirely and disable it in the kernel and switch over
to the KLIPs IPsec stack from Openswan.  Personally, in my mind, this is
the least desirable option of the three but there are people on this
list that would consider it the most desirable option and the choices
could easily become a religious debate.  :-)=)

> Paul!  Can we get this clarified in the documentation please?  This is
> just entirely wrong for the Netkey mode of operation.

Regards
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20101229/5f29ae28/attachment.bin

More information about the Users mailing list