<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Hi,</span><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I'm trying to create a secure tunnel between my mobile device (Android) and a gateway (Linux box). I need an EAP-SIM based authentication with the RADIUS server. For this I compiled the strongSwan library with --enable-eap-sim, --enable-eap-sim-file and --enable-eap-radius options on both the Android device and the gateway machine. However, when I try ipsec start --nofork on my gateway machine, the charon daemon starts with the following error messages:</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px"><div>moon@moon-gw:~/Desktop/strongswan-5.1.0$ sudo ipsec start --nofork</div><div>Starting strongSwan 5.1.0 IPsec [starter]...</div>
<div>00[DMN] Starting IKE charon daemon (strongSwan 5.1.0, Linux 3.2.0-29-generic, x86_64)</div><div>00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div><div>00[CFG] loaded ca certificate "C=IN, O=someorg, CN=someorg CA" from '/etc/ipsec.d/cacerts/caCert.der'</div>
<div>00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div>00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</div><div>00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div>
<div>00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div>00[CFG] loaded crl from '/etc/ipsec.d/crls/crl_moon.der'</div><div>00[CFG] loading secrets from '/etc/ipsec.secrets'</div><div>00[CFG] loaded RSA private key from '/etc/ipsec.d/private/moonKey.der'</div>
<div>00[CFG] sql plugin: database URI not set</div><div>00[CFG] read 0 triplets from /etc/ipsec.d/triplets.dat</div><div>00[CFG] eap-simaka-sql database URI missing</div><div><b>00[CFG] loaded 0 RADIUS server configurations</b></div>
<div>00[LIB] loaded plugins: charon sqlite pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-sim eap-sim-file eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls xauth-generic error-notify</div>
<div>00[LIB] unable to load 9 plugin features (7 due to unmet dependencies)</div><div>00[JOB] spawning 16 worker threads</div><div>charon (15730) started after 40 ms</div><div>05[CFG] received stroke: add connection 'rw-eap'</div>
<div>05[CFG] loaded certificate "C=IN, O=someorg, CN=moon" from 'moonCert.der'</div><div>05[CFG] added configuration 'rw-eap'</div><div><br></div><div><br></div><div>Why am I getting this error? I referred to the mailing list archives for this but could not get any specific help. Also, when my Android device tries to initiate IKE exchanges with the gateway, the gateway throws an error saying: <b>loading EAP_RADIUS method failed.</b></div>
<div><br></div><div>Can someone please help me with this?</div><div><br></div><div><br></div><div>Below is the content of my <b>strongswan.conf</b> file:</div><div><div># strongswan.conf - strongSwan configuration file</div>
<div>charon {</div><div><span style="white-space:pre-wrap"> </span># number of worker threads in charon</div><div><span style="white-space:pre-wrap"> </span>threads = 16</div><div><br></div><div><span style="white-space:pre-wrap"> </span># send strongswan vendor ID?</div>
<div><span style="white-space:pre-wrap"> </span># send_vendor_id = yes</div><div><br></div><div><span style="white-space:pre-wrap"> </span>load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw fips-prf eap-radius eap-sim eap-sim-file updown</div>
<div><br></div><div><span style="white-space:pre-wrap"> </span>plugins {</div><div><span style="white-space:pre-wrap"> </span>sql {</div><div><span style="white-space:pre-wrap"> </span># loglevel to log into sql database</div>
<div><span style="white-space:pre-wrap"> </span>loglevel = -1</div><div><br></div><div><span style="white-space:pre-wrap"> </span># URI to the database</div><div><span style="white-space:pre-wrap"> </span># database = sqlite:///path/to/file.db</div>
<div><span style="white-space:pre-wrap"> </span># database = mysql://user:password@localhost/database</div><div><span style="white-space:pre-wrap"> </span>}</div><div><span style="white-space:pre-wrap"> </span>eap-radius {</div>
<div><span style="white-space:pre-wrap"> </span>class_group = yes</div><div><span style="white-space:pre-wrap"> </span>eap_start = yes</div><div><span style="white-space:pre-wrap"> </span>servers {</div><div><span style="white-space:pre-wrap"> </span>primary {</div>
<div><span style="white-space:pre-wrap"> </span>address = 10.10.10.2</div><div><span style="white-space:pre-wrap"> </span>secret = gv6URkSs</div><div><span style="white-space:pre-wrap"> </span>nas_identifier = moon-gw</div>
<div><span style="white-space:pre-wrap"> </span>sockets = 20</div><div><span style="white-space:pre-wrap"> </span>preference = 99</div><div><span style="white-space:pre-wrap"> </span>}</div><div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span>#secret = gv6URkSs</div><div><span style="white-space:pre-wrap"> </span>#server = 10.10.10.2</div><div><span style="white-space:pre-wrap"> </span>}</div><div><span style="white-space:pre-wrap"> </span>}</div>
<div><br></div><div><span style="white-space:pre-wrap"> </span># ...</div><div>}</div></div><div><br></div><div><br></div><div>--Regards</div><div> Sam</div></div></div>