<div dir="ltr"><div>Andreas,</div><div><br></div><div>I appreciate helping me out. Now I am making progress with Charon running, Not sure why it was stopping before. I am getting following error now, I am going over my config files. Hopefully I will find the issue. </div><div><br></div><div>rnohria@ubuntu:~$ sudo swanctl --load-conns</div><div>06[LIB] OpenSSL X.509 parsing failed</div><div>06[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders</div><div>loading connection 'rw' failed: invalid value for: certs, config discarded</div><div>loaded 0 of 1 connections, 1 failed to load, 0 unloaded</div><div><br></div><div><br></div><div>Question:</div><div><br></div><div>Can I use Strongswan to make connections dynamically, not via config file. For config file we need to know information beforehand. If I don't know all the information beforehand like local and remote IP address. Is there any interface exist in Strongswan to support dynamic connection.</div><div><br></div><div>Thanks,</div><div>Rajeev</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 11, 2016 at 4:41 AM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Rajeev,<br>
<br>
try running charon in the foreground:<br>
<br>
sudo /usr/local/libexec/ipsec/charon<br>
<br>
and check for error messages in the console window.<br>
<br>
Cheers Andreas<span class=""><br>
<br>
On 11.05.2016 11:53, rajeev nohria wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Andreas,<br>
<br>
It seems like Charon daemon is not running, When I run the charon<br>
command, it immediately stops it. Where can I find the charon log to see<br>
if there is any issue?<br>
<br>
rnohria@ubuntu:~$ sudo /usr/local/libexec/ipsec/charon&<br>
[1] 7272<br>
rnohria@ubuntu:~$<br>
<br>
[1]+ Stopped sudo /usr/local/libexec/ipsec/charon<br>
<br>
Thanks,<br>
Rajeev<br>
<br>
<br>
On Wed, May 11, 2016 at 2:55 AM, Andreas Steffen<br></span><div><div class="h5">
<<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>>><br>
wrote:<br>
<br>
Hi Rajeev,<br>
<br>
can you check in the charon log if the vici plugin has been loaded?<br>
And do you see the charon daemon running in the process status<br>
(ps aux | grep charon)?<br>
<br>
Regards<br>
<br>
Andreas<br>
<br>
On 05/11/2016 04:04 AM, rajeev nohria wrote:<br>
> Thanks Andreas,<br>
><br>
> I ran the charon and also copied the charon script file to /etc/init.d.<br>
> Now when I run sudo swanctl --load-conn, I still get the same issue.<br>
> connecting to 'unix:///var/run/charon.vici' failed: No such file or<br>
> directory<br>
> Error: connecting to 'default' URI failed: No such file or directory<br>
> strongSwan 5.4.0 swanctl<br>
> usage:<br>
> swanctl --load-conns [--raw|--pretty]<br>
> --help (-h) show usage information<br>
> --raw (-r) dump raw response message<br>
> --pretty (-P) dump raw response message in pretty print<br>
> --debug (-v) set debug level, default: 1<br>
> --options (-+) read command line options from file<br>
> --uri (-u) service URI to connect to<br>
><br>
><br>
> Am I missing any other step?<br>
><br>
> Thanks,<br>
> Rajeev<br>
><br>
> On Tue, May 10, 2016 at 3:59 AM, Andreas Steffen<br>
> <<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>><br></div></div>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><div><div class="h5"><br>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>>>><br>
> wrote:<br>
><br>
> Hi Rajeev,<br>
><br>
> is the charon daemon running? If not, either start charon<br>
manually:<br>
><br>
> sudo /usr/local/libexec/ipsec/charon &<br>
><br>
> or if your Linux distribution still uses upstart, copy the<br>
> following script to /etc/init.d/<br>
><br>
><br>
><br>
<a href="https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/hosts/default/etc/init.d/charon" rel="noreferrer" target="_blank">https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/hosts/default/etc/init.d/charon</a><br>
><br>
> and start the charon daemon in the appropriate runlevels.<br>
><br>
> If your Linux distribution uses systemd instead, compile and<br>
> install strongSwan with<br>
><br>
> ./config --enable-systemd<br>
><br>
> and enable and start the strongswan-swanctl service.<br>
><br>
> BTW - in order to use the vici socket you must be root. Thus<br>
><br>
> sudo swanctl --load-conn<br>
><br>
> Best regards<br>
><br>
> Andreas<br>
><br>
><br>
> On 09.05.2016 16:34, rajeev nohria wrote:<br>
><br>
> I am new user of Strongswan and running 5.4.0. After creating<br>
> certificates and configuring two Ubuntu m/c with Strongswan<br>
> 5.4.0. I try<br>
> to create connection as following and get error. Please<br>
advise,<br>
> how to<br>
> resolve following issue?<br>
><br>
> $swanctl --load-conn<br>
> connecting to 'unix:///var/run/charon.vici' failed: No<br>
such file or<br>
> directory<br>
> Error: connecting to 'default' URI failed: No such file<br>
or directory<br>
> strongSwan 5.4.0 swanctl<br>
> usage:<br>
><br>
><br>
> Thanks,<br>
> Rajeev<br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>><br></div></div>
<mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>><span class=""><br>
><a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
><br>
><br>
> --<br>
> ======================================================================<br>
> Andreas Steffen<br>
> <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>><br></span>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><div><div class="h5"><br>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>>><br>
> strongSwan - the Open Source VPN Solution!<br>
> <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a> <<a href="http://www.strongswan.org" rel="noreferrer" target="_blank">http://www.strongswan.org</a>><br>
<<a href="http://www.strongswan.org" rel="noreferrer" target="_blank">http://www.strongswan.org</a>><br>
> Institute for Internet Technologies and Applications<br>
> University of Applied Sciences Rapperswil<br>
> CH-8640 Rapperswil (Switzerland)<br>
><br>
===========================================================[ITA-HSR]==<br>
><br>
><br>
<br>
<br>
--<br>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
<mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
<<a href="http://www.strongswan.org" rel="noreferrer" target="_blank">http://www.strongswan.org</a>><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
<br>
</div></div></blockquote><div class="HOEnZb"><div class="h5">
<br>
-- <br>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</div></div></blockquote></div><br></div>