Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
IPsec - unable to query SAD entry with SPI
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPsec - unable to query SAD entry with SPI (Read 12410 times)
jorgevisentini
Jr. Member
Posts: 75
Karma: 6
IPsec - unable to query SAD entry with SPI
«
on:
June 30, 2017, 06:04:21 am »
Hello,
I have just closed 2 IPsec tunnels with a Fortinet and I am having communication with ping and other protocols, however I am getting the message below:
Jun 30 00:56:55 charon: 04 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:55:43 charon: 08 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:54:03 charon: 05 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:49:56 charon: 05 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:48:45 charon: 05 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:47:15 charon: 12 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:44:36 charon: 09 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
Jun 30 00:44:09 charon: 15 [KNL] unable to query SAD entry with SPI cc41f65b: No such file or directory (2)
I am using AES128 and SHA-1 in all phases 1 and phases 2.
Does anyone know what can it be?
I'm using:
OPNsense 16.7.14_2-amd64
FreeBSD 10.3-RELEASE-p14
OpenSSL 1.0.2j 26 Sep 2016
Thanks!
Logged
romain
Full Member
Posts: 101
Karma: 9
Re: IPsec - unable to query SAD entry with SPI
«
Reply #1 on:
July 05, 2017, 10:06:11 am »
I have a similar trouble.
When the VPN is doing his rekey job, OPNsense are sometimes not able to delete SPI correctly but then the tunnel is up. However any traffic that goes through it.
I had to manually delete the tunnel and mount it again.
After, it could works for few hours / days.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
IPsec - unable to query SAD entry with SPI