OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: jorgevisentini on June 30, 2017, 06:04:21 am

Title: IPsec - unable to query SAD entry with SPI
Post by: jorgevisentini on June 30, 2017, 06:04:21 am

Hello,

I have just closed 2 IPsec tunnels with a Fortinet and I am having communication with ping and other protocols, however I am getting the message below:

Jun 30 00:56:55 charon: 04 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:55:43 charon: 08 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:54:03 charon: 05 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:49:56 charon: 05 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:48:45 charon: 05 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:47:15 charon: 12 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:44:36 charon: 09 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:44:09 charon: 15 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)

I am using AES128 and SHA-1 in all phases 1 and phases 2.

Does anyone know what can it be?

I'm using:
OPNsense 16.7.14_2-amd64
FreeBSD 10.3-RELEASE-p14
OpenSSL 1.0.2j 26 Sep 2016

Thanks!

Title: Re: IPsec - unable to query SAD entry with SPI
Post by: romain on July 05, 2017, 10:06:11 am

I have a similar trouble.

When the VPN is doing his rekey job, OPNsense are sometimes not able to delete SPI correctly but then the tunnel is up. However any traffic that goes through it.

I had to manually delete the tunnel and mount it again.

After, it could works for few hours / days.