Netgate Discussion Forum

    StrongSwan - can't install route for /32

    2.2 Snapshot Feedback and Problems - RETIRED
    • mattmon

      I'm running pfSense 2.2 x64 within a KVM virtual machine. Trying to establish a tunnel to another KVM VPS hosting strongSwan.

      pfSense is configured for block/net/mem virtIO per the wiki article

      strongSwan server accepting IKEv2 +RSA

      Other clients are connecting just fine, though pfSense fails with "can't install route … conflicts with IKE traffic"

      The only other reference to this issue I've found is this strongSwan bugfix:
      https://wiki.strongswan.org/issues/380

      Can anyone help?

      Here's debug output:

      [CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      [CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      [CFG] loaded ca certificate "C=US, O=mattmon, CN=IPSec Root CA" from '/var/etc/ipsec/ipsec.d/cacerts/643bf467.0'
      [CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      [CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      [CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      [CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      [CFG] received stroke: unroute 'con1'
      [CFG] received stroke: delete connection 'con1'
      [CFG] deleted connection 'con1'
      [CFG] received stroke: add connection 'con1'
      [LIB] created thread 22 [802521c00]
      [LIB] created thread 22 [802521c00]
      [CFG] added configuration 'con1'
      [CFG] received stroke: route 'con1'
      [KNL] can't install route for 17x.xxx.xxx.xxx/32|/0 === 192.168.22.168/32|/0 in, conflicts with IKE traffic

      • eri--

        It seems something in your configuration is not proper.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.