[Openswan Users] errno 22: Invalid argument and add_sa ipcomp failed

SCHNEIDER Benoit ton.ami.totoro at gmail.com
Tue Jul 12 03:44:55 EDT 2011 

Hi thanks for your answer.

We comment "compress=yes" But we steel having the message.
Actualy we have this message too: failed to install outgoing SA: 0

The VPN go up, but after few time, the second phase fall and we need to
restart the VPN.

Exempl of conf files:

conn vpn-name
        auth=esp
        ike=aes128-md5-modp1024
        authby=secret
        auto=route
        #compress=no
        pfs=no
        type=tunnel
        keylife=24h
        esp=null-md5
        left=public-ip-A
        leftid=public-ip-A
        leftsubnet=subnet-A
        right=public-ip-B
        rightid=public-ip-B
        rightsubnet=subnet-B

/etc/ipsec.d/examples/no_oe.conf

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

/etc/ipsec.conf

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        forwardcontrol=yes
        nat_traversal=yes
        uniqueids=no
        nhelpers=0

# Add connections here

# sample VPN connections, see /etc/ipsec.d/examples/

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

include /etc/ipsec.d/sites/*.conf


ipsec.secrets

public-ip-A public-ip-B : PSK "passkey"

lsmod:

Module                  Size  Used by
xfrm_user              16134  2
ah6                     3677  0
ah4                     3011  0
esp6                    3781  0
xfrm4_mode_beet         1519  0
xfrm4_tunnel            1201  0
xfrm4_mode_transport      982  0
xfrm6_mode_transport     1002  0
xfrm6_mode_ro            870  0
xfrm6_mode_beet         1358  0
ipcomp                  1356  0
ipcomp6                 1336  0
xfrm6_tunnel            4033  1 ipcomp6
af_key                 23286  0
esp4                    3985  3504
xfrm4_mode_tunnel       1264  7008
xfrm6_mode_tunnel       1196  3504
iptable_filter          1790  0
ip_tables               7706  1 iptable_filter
x_tables                8327  1 ip_tables
authenc                 4746  3504
deflate                 1315  0
zlib_deflate           15822  1 deflate
ctr                     2703  0
camellia               16843  0
cast5                  15593  0
rmd160                  9448  0
sha1_generic            1395  0
hmac                    2033  7008
crypto_null             1876  3504
tunnel4                 1469  1 xfrm4_tunnel
xfrm_ipcomp             2855  2 ipcomp,ipcomp6
tunnel6                 1364  1 xfrm6_tunnel
rng_core                2178  0
ccm                     6017  0
serpent                16187  0
blowfish                7252  0
twofish                 5665  0
twofish_common         12560  1 twofish
ecb                     1405  0
xcbc                    1925  0
cbc                     2047  0
sha256_generic         10748  0
sha512_generic          8009  0
des_generic            15027  0
aes_i586                6816  0
aes_generic            25738  1 aes_i586
loop                    9729  0
radeon                511356  0
ttm                    33258  1 radeon
drm_kms_helper         18533  1 radeon
drm                   111844  3 radeon,ttm,drm_kms_helper
i3200_edac              2311  0
i2c_i801                6462  0
container               1833  0
i2c_algo_bit            3497  1 radeon
i2c_core               12751  5
radeon,drm_kms_helper,drm,i2c_i801,i2c_algo_bit
edac_core              23121  2 i3200_edac
snd_pcm                47226  0
snd_timer              12258  1 snd_pcm
snd                    34387  2 snd_pcm,snd_timer
soundcore               3450  1 snd
snd_page_alloc          4977  1 snd_pcm
pcspkr                  1207  0
evdev                   5609  2
parport_pc             15799  0
parport                22554  1 parport_pc
button                  3598  0
shpchp                 21220  0
pci_hotplug            18065  1 shpchp
video                  14605  0
output                  1204  1 video
psmouse                44777  0
serio_raw               2916  0
processor              26259  0
ext3                   93944  6
jbd                    31965  1 ext3
mbcache                 3762  1 ext3
sd_mod                 25937  8
crc_t10dif              1012  1 sd_mod
usbhid                 27872  0
hid                    50841  1 usbhid
uhci_hcd               15989  0
ata_generic             2247  0
ata_piix               17704  0
it8213                  1996  0
floppy                 40923  0
ide_core               59306  1 it8213
3w_xxxx                18465  7
libata                115617  2 ata_generic,ata_piix
thermal                 9206  0
thermal_sys             9378  3 video,processor,thermal
scsi_mod              104593  3 sd_mod,3w_xxxx,libata
ehci_hcd               28453  0
e1000e                 97529  0
usbcore                98613  4 usbhid,uhci_hcd,ehci_hcd
nls_base                4541  1 usbcore

Thanks for helping.

Benoit

2011/7/12 Paul Wouters <paul at xelerance.com>

> On Mon, 11 Jul 2011, SCHNEIDER Benoit wrote:
>
>  At my office we done a upgrade from a debian etch openswan version to a
>> sqeeze one, and we steel having some problem.
>> For some distant site we have this error:
>>
>> ERROR: netlink response for Add SA comp.9005 at XX.XX.XX.XX included errno
>> 22: Invalid argument
>> add_sa ipcomp failed
>>
>> Any idear of this problem ?
>>
>> We look to have a MTU problem too, any idear ?
>>
>
> Looks like a kernel with no ipcomp module loaded?
>
> Comment out compress=yes ?
>
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110712/61066855/attachment-0001.html

More information about the Users mailing list