<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hello,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ipsec.secrets file stores the information about the subscribers that you will use in you tunnel, that’s why it is not included in the installation. You can find lots of examples of ipsec.secrets files (and the rest of the required files to configure server and client side) in the tests section:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationExamples">https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationExamples</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>BR<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Users [mailto:users-bounces@lists.strongswan.org] <b>On Behalf Of </b>Kapil Athi<br><b>Sent:</b> Monday, June 6, 2016 3:55 PM<br><b>To:</b> users@lists.strongswan.org<br><b>Subject:</b> [strongSwan] ipsec.secrets file is missing<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi Folks,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks for adding me into Strongswan User Community!<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I need some info on how "/etc/ipsec.secrets" file is installed/generated. In my current development environment with strongswan 5.3.2, i see /etc/ipsec.secrets file is missing after installation, so need some info to understand how "ipsec.secrets" is created, so i can debug this.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>i am using yocto based enviroment with linux 3.12<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>yocto ver : 1.6 <o:p></o:p></p></div><div><p class=MsoNormal>Strongswan version used: 5.3.2<o:p></o:p></p></div><div><p class=MsoNormal>Linux kernel : 3.12 (Mentor embedded linux - MEL)<o:p></o:p></p></div><div><p class=MsoNormal>strongswan recipe : <a href="http://git.openembedded.org/meta-openembedded/tree/meta-networking/recipes-support/strongswan/strongswan_5.3.2.bb">http://git.openembedded.org/meta-openembedded/tree/meta-networking/recipes-support/strongswan/strongswan_5.3.2.bb</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>With the above Strongswan recipe, i have compiled and installed the strongswan 5.3.2.<o:p></o:p></p></div><div><p class=MsoNormal>After bootup, i see that "/etc/ipsec.secrets" file is not created. Even, in the MEL built rootfs, i don't see the file /etc/ipsec.secrets. <o:p></o:p></p></div><div><p class=MsoNormal>Now, i can manually create this file and start using it, but i wanted to learn why this file is missing in the first place.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Can somebody tell me, if /etc/ipsec.secrets file will created at compile time or during run time ? if so, can you give me some suggestion on where to look, if the ipsec.secrets file is missing.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>FYI. Earlier i was using strongswan 5.1.1 and 5.2.1, and ipsec.secrets always used to be there.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Error Log:<o:p></o:p></p></div><div><p class=MsoNormal>=======<o:p></o:p></p></div><div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'<o:p></o:p></p></div><div><p class=MsoNormal><b><span style='color:lime'> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory</span></b><o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Logs: <o:p></o:p></p></div><div><p class=MsoNormal>====<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal> <a href="http://authpriv.info">authpriv.info</a> ipsec_starter[590]: Starting strongSwan 5.3.2 IPsec [starter]...<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.12.19-rt30, ppc)<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> ipsec[590]: Starting strongSwan 5.3.2 IPsec [starter]...<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] received netlink error: Operation not supported (95)<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] unable to create IPv6 routing table rule <o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] unable to create IPv4 routing table rule<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] received netlink error: Operation not supported (95)<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] unable to create IPv6 routing table rule<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'<o:p></o:p></p></div><div><p class=MsoNormal><b><span style='color:lime'> <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory</span></b><o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubke<o:p></o:p></p></div><div><p class=MsoNormal> <a href="http://daemon.info">daemon.info</a> charon: 00[JOB] spawning 16 worker threads<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks<o:p></o:p></p></div><div><p class=MsoNormal>Kapil.<o:p></o:p></p></div></div></div></body></html>