<div dir="ltr">Hi Noel, Andreas<div><br></div><div>Now my strongswan is working well now.</div><div>Thank you verry much! <br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-08-19 13:28 GMT+08:00 Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Amysu,<br>
<br>
go into the strongswan source directory and execute<br>
<br>
make clean<br>
./configure --sysconfdir=/etc <any other options><br>
make<br>
make install<br>
<br>
and the path pointing to the configuration files is changed from<br>
/usr/local/etc to /etc. If you want you to clean up you can remove<br>
the old configuration files:<br>
<br>
cd /usr/local/etc<br>
rm -r ipsec.d swanctl ipsec.secrets ipsec.conf strongswan.conf<br>
<br>
Best regards<br>
<br>
Andreas<br>
<div class=""><br>
On 08/19/2014 07:02 AM, <a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> wrote:<br>
> Hello Andreas,<br>
><br>
> I have installed strongswan, how can change the sysconfdir, should I<br>
> uninstall it first? I don't know how to uninstall strongswan?<br>
><br>
> Thanks for your help<br>
><br>
><br>
> 2014-08-19 12:36 GMT+08:00 Andreas Steffen<br>
</div>> <<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>>>:<br>
<div class="">><br>
> Hello Amysue,<br>
><br>
> you have to build strongSwan with<br>
><br>
> ./configure --sysconfdir=/etc<br>
><br>
> Regards<br>
><br>
> Andreas<br>
><br>
> On 08/19/2014 05:18 AM, <a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a><br>
</div><div class="">> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>> wrote:<br>
> > Hi Noel,<br>
> ><br>
> > I have checked the strongswan logs at /var/log/messages, and I found<br>
> > that it load the conf directory /usr/loca/etc, while I put all my<br>
> conf<br>
> > files at /etc, which I think cause my problem.<br>
> > Is there any way that I can change the conf directory to /etc.<br>
> ><br>
> > Thanks,<br>
> ><br>
> ><br>
> > 2014-08-18 21:16 GMT+08:00 Noel Kuntze <<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a><br>
> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>><br>
</div>> > <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>>>>:<br>
<div class="">> ><br>
> > Hello Amysue<br>
> ><br>
> > Please refer to [2] for a how-to for installing strongSwan.<br>
> > Please note that some modules that could be necessary for your setup<br>
> > need to be compiled by giving the corresponding parameters to<br>
> > ./configure.<br>
> ><br>
> > Regards,<br>
> > Noel Kuntze<br>
> ><br>
> > GPG Key id: 0x63EC6658<br>
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
> ><br>
> > Am 18.08.2014 um 15:12 schrieb <a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a><br>
> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>><br>
</div>> > <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>>>:<br>
<div class="">> >> I also want to know are there any special configurations to<br>
> > install strongswan for ikev2 mobike?<br>
> ><br>
> >> For install strongswan to my pc, I just<br>
> >> /./configure/<br>
> >> /make/<br>
> >> /make install/<br>
> >> /<br>
> >> /<br>
> >> Thanks,<br>
> ><br>
> ><br>
> >> 2014-08-18 21:08 GMT+08:00 <<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a><br>
> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>><br>
> > <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>>><br>
> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>><br>
</div>> > <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>>>>>:<br>
<div class="">> ><br>
> >> Hi Noel,<br>
> >> The output of "ipsec statusall" is<br>
> >> /Status of IKE charon daemon (strongSwan 5.0.2, Linux<br>
> > 2.6.18-348.1.1.el5, i686):/<br>
> >> / uptime: 14 minutes, since Aug 18 18:21:46 2014/<br>
> >> / malloc: sbrk 135168, mmap 0, used 86616, free 48552/<br>
> >> / worker threads: 8 of 16 idle, 7/1/0/0 working, job queue:<br>
> > 0/0/0/0, scheduled: 0/<br>
> >> / loaded plugins: charon aes des sha1 sha2 md5 random nonce<br>
> > x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem<br>
> > fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve<br>
> > socket-default stroke updown eap-md5 eap-radius xauth-generic/<br>
> >> /Listening IP addresses:/<br>
</div>> >> / <a href="http://192.168.2.6/" target="_blank">192.168.2.6/</a> <<a href="http://192.168.2.6/" target="_blank">http://192.168.2.6/</a>> <<a href="http://192.168.2.6/" target="_blank">http://192.168.2.6/</a>><br>
> >> / <a href="http://12.12.1.203/" target="_blank">12.12.1.203/</a> <<a href="http://12.12.1.203/" target="_blank">http://12.12.1.203/</a>> <<a href="http://12.12.1.203/" target="_blank">http://12.12.1.203/</a>><br>
<div class="">> >> /Connections:/<br>
> >> /Security Associations (0 up, 0 connecting):/<br>
> >> / none/<br>
> ><br>
> >> AndŁ¬ how do I enable logging[1] ? I don't use strongswan<br>
> > much, So it feel difficult for me.<br>
> >> Thank you again for your help<br>
> ><br>
> ><br>
> ><br>
> >> 2014-08-18 21:02 GMT+08:00 Noel Kuntze<br>
> <<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>><br>
> > <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>>><br>
> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>><br>
</div>> > <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>>>>>:<br>
<div class="">> ><br>
> >> Hello,<br>
> ><br>
> >> Check your system log for errors and show us the output of "ipsec<br>
> > statusall".<br>
> >> Sometimes, it takes a couple of seconds for the daemon to load the<br>
> > configuration. Waiting a bit can help in this case.<br>
> >> The reason for this is, that all the ipsec commands are asynchronous.<br>
> >> If the configuration isn't loaded for a couple of seconds, please<br>
> > enable logging[1].<br>
> >> StrongSwan can handle Mobike. It's a daemon thing, not a kernel<br>
> thing.<br>
> ><br>
> >> [1]<br>
> ><br>
> <a href="https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration</a><br>
> ><br>
> >> Regards,<br>
> >> Noel Kuntze<br>
> ><br>
> >> GPG Key id: 0x63EC6658<br>
> >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
> ><br>
> >> Am 18.08.2014 um 14:56 schrieb <a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a><br>
> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>><br>
> > <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>>><br>
</div>> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>><br>
> > <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a> <mailto:<a href="mailto:amysue.z@gmail.com">amysue.z@gmail.com</a>>>>:<br>
<div><div class="h5">> >>> Hello,<br>
> ><br>
> >>> My OS is centos 5.9 and i have installed Linux strongSwan<br>
> > U5.0.2/K2.6.18-348.1.1.el5.<br>
> >>> After installation,i start strongswan:<br>
> >>> ipsec start<br>
> >>> then i up an connection:<br>
> >>> ipsec up client<br>
> >>> then I get an error:*no config named 'client'*<br>
> >>> Actually, I define an connection in /etc/ipsec.conf.<br>
> ><br>
> >>> Below is my /etc/ipsec.conf<br>
> ><br>
> >>> /config setup/<br>
> >>> / strictcrlpolicy=no/<br>
> >>> / charonstart=yes/<br>
> >>> /<br>
> >>> /<br>
> >>> /conn %default/<br>
> >>> / ikelifetime=28800s/<br>
> >>> / keylife=28800s/<br>
> >>> / rekeymargin=3m/<br>
> >>> / keyingtries=3/<br>
> >>> / keyexchange=ikev2/<br>
> >>> / ike=3des-sha1-modp1024/<br>
> >>> / esp=3des-sha1/<br>
> >>> /<br>
> >>> /<br>
> >>> /conn client/<br>
> >>> / left=<a href="http://12.12.1.203/" target="_blank">12.12.1.203/</a> <<a href="http://12.12.1.203/" target="_blank">http://12.12.1.203/</a>><br>
> <<a href="http://12.12.1.203/" target="_blank">http://12.12.1.203/</a>> <<a href="http://12.12.1.203/" target="_blank">http://12.12.1.203/</a>><br>
> >>> / leftsourceip=%config/<br>
> >>> / leftcert=client1_cert.pem/<br>
> >>> / leftid="/C=CN/ST=SH/O=CS/CN=IKEv2_Client1"/<br>
> >>> / right=<a href="http://11.11.11.200/" target="_blank">11.11.11.200/</a> <<a href="http://11.11.11.200/" target="_blank">http://11.11.11.200/</a>><br>
> <<a href="http://11.11.11.200/" target="_blank">http://11.11.11.200/</a>><br>
> > <<a href="http://11.11.11.200/" target="_blank">http://11.11.11.200/</a>><br>
> >>> / rightid="/C=CN/ST=SH/O=CS/CN=11.11.11.200"/<br>
> >>> / rightsubnet=<a href="http://192.168.168.0/24" target="_blank">192.168.168.0/24</a> <<a href="http://192.168.168.0/24" target="_blank">http://192.168.168.0/24</a>><br>
> <<a href="http://192.168.168.0/24" target="_blank">http://192.168.168.0/24</a>><br>
> > <<a href="http://192.168.168.0/24" target="_blank">http://192.168.168.0/24</a>> <<a href="http://192.168.168.0/24" target="_blank">http://192.168.168.0/24</a>>/<br>
> >>> / auto=add/<br>
> >>> /<br>
> >>> /<br>
> >>> I have no idea what to do now, I really need your help, any one<br>
> > could help me?<br>
> >>> Thank you very much<br>
> ><br>
><br>
> ======================================================================<br>
> Andreas Steffen<br>
</div></div>> <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>><br>
<div class="">> strongSwan - the Open Source VPN Solution!<br>
</div>> <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a> <<a href="http://www.strongswan.org" target="_blank">http://www.strongswan.org</a>><br>
<div class="">> Institute for Internet Technologies and Applications<br>
> University of Applied Sciences Rapperswil<br>
> CH-8640 Rapperswil (Switzerland)<br>
> ===========================================================[ITA-HSR]==<br>
><br>
><br>
<br>
</div>--<br>
<div class="HOEnZb"><div class="h5">======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</div></div></blockquote></div><br></div>