<div dir="ltr"><div style>I was trying to use some examples from the StrongSwan doc, but stumbled upon this weird behaviour... By any chance, is the deamon logged in syslog defined as "charon" independently of which one is running?</div>
<div style><br></div><div style>When I turned off the charon in /etc/ipsec.conf (deleted all charon stuff from strongswan.conf as well), still the syslog shows something like:</div><div style><br></div><div style><div>Jan 7 22:58:55 mac17 NetworkManager[1158]: <info> Starting VPN service 'strongswan'...</div>
<div>Jan 7 22:58:55 mac17 NetworkManager[1158]: <info> VPN service 'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID 13041</div><div>Jan 7 22:58:55 mac17 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)</div>
<div>...</div><div><br></div><div style>If I execute the service myself, I notice that the message shows pluto, not charon:</div><div style><br></div><div style><div>$ sudo service ipsec start</div><div><div>Starting strongSwan 4.5.2 IPsec [starter]...</div>
</div></div><div style><div>$ sudo service ipsec start</div><div>Starting strongSwan 4.5.2 IPsec [starter]...</div><div>pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start<br></div><div>starter is already running (/var/run/starter.pid exists) -- no fork done</div>
<div><br></div><div style>Could it be that the Network manager is somehow trying to force charon to run instead?</div></div></div><br clear="all"><div style>For reference, the files:</div><div style><br></div><div style>
--- /etc/ipsec.conf ---</div>
<div style><br></div><div style><div>config setup</div><div> plutodebug=control</div><div> charonstart=no<br></div><div> plutostart=yes</div><div><br></div><div>conn %default<br></div><div> ikelifetime=60m</div>
<div> keylife=20m</div><div> rekeymargin=3m</div><div> keyingtries=1</div><div> keyexchange=ikev1</div><div> authby=secret</div><div><br></div></div><div><div>--- /etc/strongswan.conf ---</div></div><div><br>
</div><div><div>pluto {</div><div>}<br></div><div><br></div><div>libstrongswan {</div><div> dh_exponent_ansi_x9_42 = no</div><div>}</div></div><div><br></div><div><br></div><div style>The complete syslog messages:</div>
<div style><br></div><div style><div>Jan 7 23:09:13 mac17 NetworkManager[1158]: <info> Starting VPN service 'strongswan'...</div><div>Jan 7 23:09:13 mac17 NetworkManager[1158]: <info> VPN service 'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID 9228</div>
<div>Jan 7 23:09:13 mac17 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)</div><div>Jan 7 23:09:13 mac17 charon: 00[KNL] listening on interfaces:</div><div>Jan 7 23:09:13 mac17 charon: 00[KNL] eth0</div>
<div>Jan 7 23:09:13 mac17 charon: 00[KNL] wlan0</div><div>Jan 7 23:09:13 mac17 charon: 00[KNL] 192.168.1.1</div><div>Jan 7 23:09:13 mac17 charon: 00[KNL] fe80::129a:ddff:feae:e16a</div><div>Jan 7 23:09:13 mac17 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div>
<div>Jan 7 23:09:13 mac17 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div>Jan 7 23:09:13 mac17 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</div>
<div>Jan 7 23:09:13 mac17 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div><div>Jan 7 23:09:13 mac17 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div>Jan 7 23:09:13 mac17 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'</div>
<div>Jan 7 23:09:13 mac17 charon: 00[CFG] loaded IKE secret for x.x.x.x %any</div><div>Jan 7 23:09:13 mac17 charon: 00[CFG] sql plugin: database URI not set</div><div>Jan 7 23:09:13 mac17 charon: 00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL</div>
<div>Jan 7 23:09:13 mac17 charon: 00[CFG] loaded 0 RADIUS server configurations</div><div>Jan 7 23:09:13 mac17 charon: 00[LIB] plugin 'medsrv' failed to load: /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared object file: No such file or directory</div>
<div>Jan 7 23:09:13 mac17 charon: 00[CFG] mediation client database URI not defined, skipped</div><div>Jan 7 23:09:13 mac17 charon: 00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL</div>
<div>Jan 7 23:09:13 mac17 NetworkManager[1158]: <info> VPN service 'strongswan' appeared; activating connections</div><div>Jan 7 23:09:13 mac17 charon: 00[CFG] HA config misses local/remote address</div><div>
Jan 7 23:09:13 mac17 charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL</div><div>Jan 7 23:09:13 mac17 charon: 00[DMN] loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc nm dhcp led addrblock </div>
<div>Jan 7 23:09:13 mac17 charon: 00[JOB] spawning 16 worker threads</div><div><br></div></div><div style>Thanks,</div><div><br><span style="font-family:'courier new',monospace">--</span><br style="font-family:'courier new',monospace">
<b style="font-family:'courier new',monospace">Braga, Bruno</b><br style="font-family:'courier new',monospace"><a style="font-family:'courier new',monospace" href="http://www.brunobraga.net" target="_blank">www.brunobraga.net</a><br style="font-family:'courier new',monospace">
<a style="font-family:'courier new',monospace" href="mailto:bruno.braga@gmail.com" target="_blank">bruno.braga@gmail.com</a></div>
</div>