[Openswan Users] [strongSwan] ERROR: netlink response for Add SA esp.383251e8 at 10.19.156.242 included errno 93: Protocol not supported

Paul Wouters paul at xelerance.com
Thu Dec 30 01:31:21 EST 2010


On Thu, 30 Dec 2010, Martin Mokrejs wrote:

> 003 "cisco-client" #2: ERROR: netlink response for Add SA esp.f964d92c at x.x.x.x included errno 93: Protocol not supported

Though nothing here points to ipv6....

>  Probably, the patch related to your issue went into 2.6.25 ...
> http://lists.openwall.net/netdev/2008/04/03/35 .
>  Another user hitting this issue was http://lists.openswan.org/pipermail/users/2005-October/006742.html
>
> My problem is that I am on 2.6.27.57 (which should contain the fix) and I do not think
> I am missing anything in my kernel .config (attached). :(

Note that ESP and TUNNEL support got split into ipv4 and ipv6 versions, so if
this was an ipv6 version, you would also need:

CONFIG_INET6_ESP=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m

If using compress=yes, you would also need:

CONFIG_INET6_IPCOMP=m

and you would need to modprobe the corresponding modules if you are not
using the openswan startup scripts.

However, all of this does not seem to be your problem though it would not
hurt to verify with ipv6 enabled as module just so we can rule this out.

It might be useful to see "ipsec verify" and "ipsec barf" to get more info
about your system state.

Paul


More information about the Users mailing list