StrongSwan - can't install route for /32



  • I'm running pfSense 2.2 x64 within a KVM virtual machine. I'm trying to establish a tunnel to another KVM VPS hosting strongSwan.

    pfSense is configured for block/net/mem virtIO per the wiki article

    The strongSwan server is accepting IKEv2 + RSA

    Other clients are connecting just fine, though pfSense fails with "can't install route … conflicts with IKE traffic"

    The only other reference to this issue I've found is this strongSwan bugfix:
    https://wiki.strongswan.org/issues/380

    Can anyone help?

    Here's debug output:

    [CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    [CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
    [CFG] loaded ca certificate "C=US, O=mattmon, CN=IPSec Root CA" from '/var/etc/ipsec/ipsec.d/cacerts/643bf467.0'
    [CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
    [CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
    [CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
    [CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
    [CFG] received stroke: unroute 'con1'
    [CFG] received stroke: delete connection 'con1'
    [CFG] deleted connection 'con1'
    [CFG] received stroke: add connection 'con1'
    [LIB] created thread 22 [802521c00]
    [LIB] created thread 22 [802521c00]
    [CFG] added configuration 'con1'
    [CFG] received stroke: route 'con1'
    [KNL] can't install route for 17x.xxx.xxx.xxx/32|/0 === 192.168.22.168/32|/0 in, conflicts with IKE traffic



  • It seems something in your configuration is not proper.