Hi,
I am getting an error "unable to set UDP_ENCAP: Invalid argument" when I run charon in Freebsd-13.2.
From some old mail threads about the same issue - https://wiki.strongswan.org/issues/582 , the only answer I got was that "option IPSec_NAT_T" is not likely to have been enabled. But in Freebsd-13.2 I find that it is enabled:
But then why does it still come ?
Thanks,
Rupa.
I am getting an error "unable to set UDP_ENCAP: Invalid argument" when I run charon in Freebsd-13.2.
Code:
root@Freebsd-13:/usr/local/etc # /usr/local/libexec/ipsec/charon
00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, FreeBSD 13.2-RELEASE, amd64)
[B]00[KNL] unable to set UDP_ENCAP: Invalid argument
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed[/B]
00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[LIB] loaded plugins: charon random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp vici attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown xauth-generic counters
00[JOB] spawning 16 worker threadsFrom some old mail threads about the same issue - https://wiki.strongswan.org/issues/582 , the only answer I got was that "option IPSec_NAT_T" is not likely to have been enabled. But in Freebsd-13.2 I find that it is enabled:
Code:
root@Freebsd-13:/usr/local/etc # sysctl -A | grep kern.features.ipsec
kern.features.ipsec_natt: 1
kern.features.ipsec: 1
root@Freebsd-13:/usr/local/etc #Thanks,
Rupa.
