[support] IKEv2 with strongswan
dfg dfg
abxccd at msn.com
Mon Feb 8 09:36:50 JST 2010
Hi everyone,
Does anyone have a quick guide to setting up IKEv2 using the umip daemon and strongswan?
I have downloaded the latest git source from http://www.umip.org as well as patched it with the latest patches from the git repository from that site. The migrate2 patch was applied successfully.
However, I attempted to implement ipsec by following http://wiki.strongswan.org/wiki/strongswan/MobileIPv6.
I was able to compile and run umip successfully without ipsec. Binding updates would work successfully. However, it seems that I keep getting this error: installing trap failed, local address unknown
I think this is because ip6tnl1 appears only after strongswan has started. I have tried starting umip before strongswan, but that did not work either. I have heard that the timing of starting umip and strongswan is quite tricky. What I have done is that in my startup script, I start strongswan first, then umip next, assuming that the daemons will be started quicker in succession than manually. This did not work though.
I have attached my strongswan log below:
01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.5)
01[KNL] listening on interfaces:
01[KNL] eth0
01[KNL] fe80::a00:27ff:fe09:269a
01[KNL] eth1
01[KNL] fe80::a00:27ff:fe77:7cd
01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
01[CFG] loaded ca certificate "C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=Mobile IPv6 CA, E=ca at mobileipv6-testbench.com" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
01[CFG] loading crls from '/etc/ipsec.d/crls'
01[CFG] loaded crl from '/etc/ipsec.d/crls/strongswan.crl'
01[CFG] loading secrets from '/etc/ipsec.secrets'
01[CFG] loaded RSA private key from '/etc/ipsec.d/private/mobilenodeKey.pem'
01[DMN] loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey pkcs1 pgp dnskey pem xcbc hmac gmp kernel-netlink stroke updown attr resolve
01[JOB] spawning 16 worker threads
05[CFG] received stroke: add connection 'mh'
05[CFG] left nor right host is our side, assuming left=local
05[CFG] loaded certificate "C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=mobilenode, E=mobilenode at mobileipv6-testbench.com" from 'mobilenodeCert.pem'
05[CFG] added configuration 'mh'
05[CFG] received stroke: route 'mh'
05[CFG] installing trap failed, local address unknown
05[CFG] received stroke: add connection 'tunnel'
05[CFG] left nor right host is our side, assuming left=local
05[CFG] loaded certificate "C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=mobilenode, E=mobilenode at mobileipv6-testbench.com" from 'mobilenodeCert.pem'
05[CFG] added child to existing configuration 'mh'
05[CFG] received stroke: route 'tunnel'
05[CFG] installing trap failed, local address unknown
04[KNL] interface ip6tnl1 activated
04[KNL] fe80::a00:27ff:fe09:269a appeared on ip6tnl1
04[KNL] 2001:a:b::1 appeared on ip6tnl1
04[KNL] interface ip6tnl1 deactivated
04[KNL] 2001:a:b::1 disappeared from ip6tnl1
04[KNL] fe80::a00:27ff:fe09:269a disappeared from ip6tnl1
01[DMN] signal of type SIGINT received. Shutting down
Any help appreciated :)
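
Added example (not part of the original post, and not umip or strongSwan code): a small Python check of the ordering the poster suspects, listing for each failed trap install the addresses that charon only saw appear later in the same log. It assumes the "NN[GRP] message" line format shown above; the function name correlate and the embedded sample (lines taken from the posted log) are constructed for illustration, and the result shows ordering only, not cause.

```python
import re

# Constructed sample: a subset of the charon lines from the log in the post.
SAMPLE_LOG = """\
05[CFG] received stroke: add connection 'mh'
05[CFG] received stroke: route 'mh'
05[CFG] installing trap failed, local address unknown
05[CFG] received stroke: add connection 'tunnel'
05[CFG] received stroke: route 'tunnel'
05[CFG] installing trap failed, local address unknown
04[KNL] interface ip6tnl1 activated
04[KNL] fe80::a00:27ff:fe09:269a appeared on ip6tnl1
04[KNL] 2001:a:b::1 appeared on ip6tnl1
04[KNL] interface ip6tnl1 deactivated
"""

LINE = re.compile(r"^(\d+)\[([A-Z]+)\]\s+(.*)$")       # thread, group, message
ROUTE = re.compile(r"received stroke: route '([^']+)'")
APPEARED = re.compile(r"(\S+) appeared on (\S+)")       # address, interface
TRAP_FAILED = "installing trap failed"

def correlate(log_text):
    """Return one record per failed trap install: connection name, log
    position of the failure, and addresses that appeared only afterwards."""
    failures, appeared, pending = [], [], None
    for pos, raw in enumerate(log_text.splitlines()):
        m = LINE.match(raw.strip())
        if not m:
            continue
        _thread, group, msg = m.groups()
        if group == "CFG":
            r = ROUTE.search(msg)
            if r:
                pending = r.group(1)
            else:
                if msg.startswith(TRAP_FAILED) and pending:
                    failures.append({"conn": pending, "pos": pos, "late": []})
                pending = None  # only the CFG line right after the stroke counts
        elif group == "KNL":
            a = APPEARED.search(msg)
            if a:
                appeared.append((pos, a.group(1), a.group(2)))
    for f in failures:  # addresses logged after this failure
        f["late"] = [(addr, ifc) for p, addr, ifc in appeared if p > f["pos"]]
    return failures

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f"route '{f['conn']}' failed at line {f['pos']}; appeared later: {f['late']}")
```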