[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    [strongSwan] Site to Site with PSK Error
From:       Chris Arnold <carnold () electrichendrix ! com>
Date:       2012-03-31 19:40:36
Message-ID: 119926232.42463.1333222836420.JavaMail.root () mail ! electrichendrix ! com
[Download RAW message or body]

StrongSwan 4.5.xx on SLES11 SP2. When running ipsec up net-net, i get:
/etc/init.d/ipsec start
Starting strongSwan 4.5.3 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for
!! pluto and/or charon. This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

Here is the strongswan.conf load line:
charon {
    load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink \
socket-default updown  multiple_authentication = no

And in the charon.log file, i see:
Mar 31 15:29:34 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.3)
Mar 31 15:29:34 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 31 15:29:34 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 31 15:29:34 00[CFG] loading ocsp signer certificates from \
'/etc/ipsec.d/ocspcerts' Mar 31 15:29:34 00[CFG] loading attribute certificates from \
'/etc/ipsec.d/acerts' Mar 31 15:29:34 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 31 15:29:34 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 31 15:29:34 00[CFG]   loaded IKE secret for @servername.electricdomain.com
Mar 31 15:29:34 00[CFG]   loaded IKE secret for @servername.electricdomain.com %any
Mar 31 15:29:34 00[CFG]   loaded IKE secret for @servername.edensdomain.com
Mar 31 15:29:34 00[CFG]   loaded IKE secret for %any
Mar 31 15:29:34 00[CFG]   loaded IKE secret for 192.168.123.3
Mar 31 15:29:34 00[KNL] listening on interfaces:
Mar 31 15:29:34 00[KNL]   eth0
Mar 31 15:29:34 00[KNL]     192.168.123.3
Mar 31 15:29:34 00[KNL] received netlink error: Address family not supported by \
protocol (97) Mar 31 15:29:34 00[KNL] unable to create IPv6 routing table rule
Mar 31 15:29:34 00[LIB] plugin 'socket-default' failed to load: \
/usr/lib/ipsec/plugins/libstrongswan-socket-default.so: cannot open shared object \
file: No such file or directory Mar 31 15:29:34 00[DMN] loaded plugins: aes des sha1 \
sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown  Mar 31 15:29:34 \
00[JOB] spawning 16 worker threads Mar 31 15:29:34 06[NET] no socket implementation \
registered, receiving failed Mar 31 15:29:34 07[CFG] received stroke: add connection \
'net-net' Mar 31 15:29:34 07[CFG] left nor right host is our side, assuming \
left=local Mar 31 15:29:34 07[CFG] added configuration 'net-net'

Then running ipsec up net-net:
received stroke: initiate 'net-net'
Mar 31 15:33:18 10[IKE] initiating IKE_SA net-net[1] to pu.bl.ic.ip
Mar 31 15:33:18 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) \
N(NATD_D_IP) ] Mar 31 15:33:18 10[NET] sending packet: from (moon)pu.bl.ic.ip to \
(sun)pu.bl.ic.ip[500] Mar 31 15:33:18 05[NET] no socket implementation registered, \
sending failed Mar 31 15:33:22 11[IKE] retransmit 1 of request with message ID 0
Mar 31 15:33:22 11[NET] sending packet: from (moon)pu.bl.ic.ip to \
(sun)pu.bl.ic.ip[500] Mar 31 15:33:22 05[NET] no socket implementation registered, \
sending failed

It seems the socket-default plugin is causing the initial issue? \
/usr/lib/ipsec/plugins/libstrongswan-socket-default.so is NOT in that directory.

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic