[strongSwan] Strongswan[5.4.0] unix:///var/run/charon.vici
Andreas Steffen
andreas.steffen at strongswan.org
Wed May 11 15:18:40 CEST 2016
Hi Rajeev,
there seems something wrong with your user certificate.
You can configure the charon daemon dynamically using the
VICI interface. There are VICI bindings for the Perl, Ruby
and Python script languages which can be used by your
IPsec management application to communicate with the
charon daemon. For details have a look at
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md
If you intend to write your management application in C or C++
then consider the DAVICI library:
https://github.com/strongswan/davici/blob/master/README.md
Regards
Andreas
On 11.05.2016 13:50, rajeev nohria wrote:
> Andreas,
>
> I appreciate helping me out. Now I am making progress with Charon
> running, Not sure why it was stopping before. I am getting following
> error now, I am going over my config files. Hopefully I will find the
> issue.
>
> rnohria at ubuntu:~$ sudo swanctl --load-conns
> 06[LIB] OpenSSL X.509 parsing failed
> 06[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders
> loading connection 'rw' failed: invalid value for: certs, config discarded
> loaded 0 of 1 connections, 1 failed to load, 0 unloaded
>
>
> Question:
>
> Can I use Strongswan to make connections dynamically, not via config
> file. For config file we need to know information beforehand. If I don't
> know all the information beforehand like local and remote IP address. Is
> there any interface exist in Strongswan to support dynamic connection.
>
> Thanks,
> Rajeev
>
>
>
>
>
> On Wed, May 11, 2016 at 4:41 AM, Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> wrote:
>
> Hi Rajeev,
>
> try running charon in the foreground:
>
> sudo /usr/local/libexec/ipsec/charon
>
> and check for error messages in the console window.
>
> Cheers Andreas
>
> On 11.05.2016 11:53, rajeev nohria wrote:
>
> Andreas,
>
> It seems like Charon daemon is not running, When I run the charon
> command, it immediately stops it. Where can I find the charon
> log to see
> if there is any issue?
>
> rnohria at ubuntu:~$ sudo /usr/local/libexec/ipsec/charon&
> [1] 7272
> rnohria at ubuntu:~$
>
> [1]+ Stopped sudo /usr/local/libexec/ipsec/charon
>
> Thanks,
> Rajeev
>
>
> On Wed, May 11, 2016 at 2:55 AM, Andreas Steffen
> <andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>>>
> wrote:
>
> Hi Rajeev,
>
> can you check in the charon log if the vici plugin has been
> loaded?
> And do you see the charon daemon running in the process status
> (ps aux | grep charon)?
>
> Regards
>
> Andreas
>
> On 05/11/2016 04:04 AM, rajeev nohria wrote:
> > Thanks Andreas,
> >
> > I ran the charon and also copied the charon script file to
> /etc/init.d.
> > Now when I run sudo swanctl --load-conn, I still get the
> same issue.
> > connecting to 'unix:///var/run/charon.vici' failed: No
> such file or
> > directory
> > Error: connecting to 'default' URI failed: No such file or
> directory
> > strongSwan 5.4.0 swanctl
> > usage:
> > swanctl --load-conns [--raw|--pretty]
> > --help (-h) show usage information
> > --raw (-r) dump raw response message
> > --pretty (-P) dump raw response
> message in pretty print
> > --debug (-v) set debug level, default: 1
> > --options (-+) read command line
> options from file
> > --uri (-u) service URI to connect to
> >
> >
> > Am I missing any other step?
> >
> > Thanks,
> > Rajeev
> >
> > On Tue, May 10, 2016 at 3:59 AM, Andreas Steffen
> > <andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>>>>
> > wrote:
> >
> > Hi Rajeev,
> >
> > is the charon daemon running? If not, either start charon
> manually:
> >
> > sudo /usr/local/libexec/ipsec/charon &
> >
> > or if your Linux distribution still uses upstart,
> copy the
> > following script to /etc/init.d/
> >
> >
> >
>
> https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/hosts/default/etc/init.d/charon
> >
> > and start the charon daemon in the appropriate runlevels.
> >
> > If your Linux distribution uses systemd instead,
> compile and
> > install strongSwan with
> >
> > ./config --enable-systemd
> >
> > and enable and start the strongswan-swanctl service.
> >
> > BTW - in order to use the vici socket you must be
> root. Thus
> >
> > sudo swanctl --load-conn
> >
> > Best regards
> >
> > Andreas
> >
> >
> > On 09.05.2016 16:34, rajeev nohria wrote:
> >
> > I am new user of Strongswan and running 5.4.0.
> After creating
> > certificates and configuring two Ubuntu m/c with
> Strongswan
> > 5.4.0. I try
> > to create connection as following and get error.
> Please
> advise,
> > how to
> > resolve following issue?
> >
> > $swanctl --load-conn
> > connecting to 'unix:///var/run/charon.vici'
> failed: No
> such file or
> > directory
> > Error: connecting to 'default' URI failed: No
> such file
> or directory
> > strongSwan 5.4.0 swanctl
> > usage:
> >
> >
> > Thanks,
> > Rajeev
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> <mailto:Users at lists.strongswan.org>
> <mailto:Users at lists.strongswan.org
> <mailto:Users at lists.strongswan.org>>
> <mailto:Users at lists.strongswan.org
> <mailto:Users at lists.strongswan.org>
> <mailto:Users at lists.strongswan.org
> <mailto:Users at lists.strongswan.org>>>
> >https://lists.strongswan.org/mailman/listinfo/users
> >
> >
> > --
> >
> ======================================================================
> > Andreas Steffen
> > andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>>>
> > strongSwan - the Open Source VPN Solution!
> > www.strongswan.org <http://www.strongswan.org>
> <http://www.strongswan.org>
> <http://www.strongswan.org>
> > Institute for Internet Technologies and Applications
> > University of Applied Sciences Rapperswil
> > CH-8640 Rapperswil (Switzerland)
> >
>
> ===========================================================[ITA-HSR]==
> >
> >
>
>
> --
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> <mailto:andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>>
> strongSwan - the Open Source VPN Solution!
> www.strongswan.org <http://www.strongswan.org>
> <http://www.strongswan.org>
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
>
> ===========================================================[ITA-HSR]==
>
>
>
> --
> ======================================================================
> Andreas Steffen
> andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>
> strongSwan - the Open Source VPN Solution!
> www.strongswan.org <http://www.strongswan.org>
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160511/0a22d832/attachment.bin>
More information about the Users
mailing list