<div dir="ltr"><div><br></div><div>Problem 1:</div><div><div>root@Xilinx-ZCU102-2016_1:/lib# charon </div><div>00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0, aarch64)</div><div>00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN</div><div>00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1</div><div>00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1</div><div>00[LIB] failed to load 3 critical plugin features</div><div>00[DMN] initialization failed - aborting charon</div></div><div><br></div>How does charon knows that where to look for the plugins? I used --enable-monolithic options and that means all the plugins should be there in libstrongswan and libcharon and libvici.<div><br></div><div><div>I am getting similar to following issue. Not sure how it was resolved.</div><div><a href="https://wiki.strongswan.org/issues/1299">https://wiki.strongswan.org/issues/1299</a></div><div><br></div><div><br></div><div><p class="MsoNormal">root@Xilinx-ZCU102-2016_1:~# cd /usr/lib/ipsec<span></span></p>
<p class="MsoNormal">root@Xilinx-ZCU102-2016_1:/usr/lib/ipsec# ls<span></span></p>
<p class="MsoNormal">libcharon.a
libstrongswan.a
libvici.a plugins<span></span></p>
<p class="MsoNormal"><a href="http://libcharon.la">libcharon.la</a>
<a href="http://libstrongswan.la">libstrongswan.la</a> <a href="http://libvici.la">libvici.la</a><span></span></p>
<p class="MsoNormal">root@Xilinx-ZCU102-2016_1:/usr/lib/ipsec# cd plugins/<span></span></p>
<p class="MsoNormal">root@Xilinx-ZCU102-2016_1:/usr/lib/ipsec/plugins# ls<span></span></p>
<p class="MsoNormal">libstrongswan-aes.a
libstrongswan-pkcs7.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-aes.la">libstrongswan-aes.la</a>
<a href="http://libstrongswan-pkcs7.la">libstrongswan-pkcs7.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-attr.a
libstrongswan-pkcs8.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-attr.la">libstrongswan-attr.la</a>
<a href="http://libstrongswan-pkcs8.la">libstrongswan-pkcs8.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-cmac.a
libstrongswan-pubkey.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-cmac.la">libstrongswan-cmac.la</a>
<a href="http://libstrongswan-pubkey.la">libstrongswan-pubkey.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-constraints.a
libstrongswan-random.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-constraints.la">libstrongswan-constraints.la</a>
<a href="http://libstrongswan-random.la">libstrongswan-random.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-des.a
libstrongswan-rc2.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-des.la">libstrongswan-des.la</a>
<a href="http://libstrongswan-rc2.la">libstrongswan-rc2.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-dnskey.a
libstrongswan-resolve.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-dnskey.la">libstrongswan-dnskey.la</a>
<a href="http://libstrongswan-resolve.la">libstrongswan-resolve.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-fips-prf.a
libstrongswan-revocation.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-fips-prf.la">libstrongswan-fips-prf.la</a>
<a href="http://libstrongswan-revocation.la">libstrongswan-revocation.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-hmac.a
libstrongswan-sha1.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-hmac.la">libstrongswan-hmac.la</a>
<a href="http://libstrongswan-sha1.la">libstrongswan-sha1.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-kernel-netlink.a
libstrongswan-sha2.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-kernel-netlink.la">libstrongswan-kernel-netlink.la</a> <a href="http://libstrongswan-sha2.la">libstrongswan-sha2.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-md5.a
libstrongswan-socket-default.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-md5.la">libstrongswan-md5.la</a>
<a href="http://libstrongswan-socket-default.la">libstrongswan-socket-default.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-nonce.a
libstrongswan-sshkey.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-nonce.la">libstrongswan-nonce.la</a>
<a href="http://libstrongswan-sshkey.la">libstrongswan-sshkey.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-openssl.a
libstrongswan-stroke.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-openssl.la">libstrongswan-openssl.la</a>
<a href="http://libstrongswan-stroke.la">libstrongswan-stroke.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-pem.a
libstrongswan-updown.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-pem.la">libstrongswan-pem.la</a>
<a href="http://libstrongswan-updown.la">libstrongswan-updown.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-pgp.a
libstrongswan-vici.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-pgp.la">libstrongswan-pgp.la</a>
<a href="http://libstrongswan-vici.la">libstrongswan-vici.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-pkcs1.a
libstrongswan-x509.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-pkcs1.la">libstrongswan-pkcs1.la</a>
<a href="http://libstrongswan-x509.la">libstrongswan-x509.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-pkcs11.a libstrongswan-xauth-generic.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-pkcs11.la">libstrongswan-pkcs11.la</a>
<a href="http://libstrongswan-xauth-generic.la">libstrongswan-xauth-generic.la</a><span></span></p>
<p class="MsoNormal">libstrongswan-pkcs12.a
libstrongswan-xcbc.a<span></span></p>
<p class="MsoNormal"><a href="http://libstrongswan-pkcs12.la">libstrongswan-pkcs12.la</a>
<a href="http://libstrongswan-xcbc.la">libstrongswan-xcbc.la</a><span></span></p></div><div><br></div><div><br></div><div><div><br></div><div><br></div><div><br></div><div>Problem 2:</div><div><br></div><div>When running swanctl, I am getting following issue? Any pointer?</div><div><br></div><div><div><br></div><div>root@Xilinx-ZCU102-2016_1:/lib# </div><div>root@Xilinx-ZCU102-2016_1:/lib# </div><div>root@Xilinx-ZCU102-2016_1:/lib# swanctl</div><div>strongSwan 5.5.0 swanctl</div><div>loaded plugins: </div><div>usage:</div><div> swanctl --initiate (-i) initiate a connection</div><div> swanctl --terminate (-t) terminate a connection</div><div> swanctl --redirect (-d) redirect an IKE_SA</div><div> swanctl --uninstall (-u) uninstall a trap or shunt policy</div><div> swanctl --install (-p) install a trap or shunt policy</div><div> swanctl --list-sas (-l) list currently active IKE_SAs</div><div> swanctl --monitor-sa (-m) monitor for IKE_SA and CHILD_SA changes</div><div> swanctl --list-pols (-P) list currently installed policies</div><div> swanctl --list-authorities (-B) list loaded authority configurations</div><div> swanctl --list-conns (-L) list loaded configurations</div><div> swanctl --list-certs (-x) list stored certificates</div><div> swanctl --list-pools (-A) list loaded pool configurations</div><div> swanctl --list-algs (-g) show loaded algorithms</div><div> swanctl --load-all (-q) load credentials, authorities, pools and connections</div><div> swanctl --load-authorities (-b) (re-)load authority configuration</div><div> swanctl --load-conns (-c) (re-)load connection configuration</div><div> swanctl --load-creds (-s) (re-)load credentials</div><div> swanctl --load-pools (-a) (re-)load pool configuration</div><div> swanctl --log (-T) trace logging output</div><div> swanctl --version (-v) show version information</div><div> swanctl --stats (-S) show daemon stats information</div><div> swanctl --reload-settings (-r) reload daemon strongswan.conf</div><div> swanctl --help (-h) show usage information</div><div>libgcc_s.so.1 must be installed for pthread_cancel to work</div><div>Aborted</div></div><div><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 19, 2016 at 2:43 PM, rajeev nohria <span dir="ltr"><<a href="mailto:rajnohria@gmail.com" target="_blank">rajnohria@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thomas,<div><br></div><div>I tired both way and did not help. Not sure what I could be missing. In following I also tried removing swanctl section, that also did not work.</div><div><br></div><div><br></div><div><span class=""><div># strongswan.conf - strongSwan configuration file</div><div>#</div><div># Refer to the strongswan.conf(5) manpage for details</div><div>#</div><div># Configuration changes should be made in the included files</div><div><br></div><div>swanctl {</div><div> load = pem pkcs1 x509 revocation constraints pubkey openssl random </div><div>}</div><div><br></div><div><br></div><div>charon {</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>load_modular = yes</div></span><div><div class="h5"><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>plugins {</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>include strongswan.d/charon/*.conf</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>}</div><div>}</div><div><br></div><div> filelog {</div><div> /var/log/charon.log {</div><div> # add a timestamp prefix</div><div> time_format = %b %e %T</div><div> # prepend connection name, simplifies grepping</div><div> ike_name = yes</div><div> # overwrite existing files</div><div> append = no</div><div> # increase default loglevel for all daemon subsystems</div><div> default = 10</div><div> # flush each line to disk</div><div> flush_line = yes</div><div> }</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>stderr {</div><div> # more detailed loglevel for a specific subsystem, overriding the</div><div> # default loglevel.</div><div> ike = 4</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span> cfg = 4</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span> asn = 4</div><div><span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span> app = 4</div><div> tls = 4</div><div> <span class="m_-7198330805867019477gmail-Apple-tab-span" style="white-space:pre-wrap"> </span> esp = 4</div><div> chd = 4</div><div> knl = 0</div><div> </div><div> }</div><div> }</div><div><br></div><div><br></div><div><br></div></div></div><div>include strongswan.d/charon/*.conf</div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><b><br></b></div><div><div><b>root@Xilinx-ZCU102-2016_1:/<wbr>usr/etc/strongswan.d/charon# ls</b></div><div>aes.conf pem.conf sha1.conf</div><div>attr.conf pgp.conf sha2.conf</div><div>cmac.conf pkcs1.conf socket-default.conf</div><div>constraints.conf pkcs11.conf sshkey.conf</div><div>des.conf pkcs12.conf stroke.conf</div><div>dnskey.conf pkcs7.conf updown.conf</div><div>fips-prf.conf pkcs8.conf vici.conf</div><div>hmac.conf pubkey.conf x509.conf</div><div>kernel-netlink.conf random.conf xauth-generic.conf</div><div>md5.conf rc2.conf xcbc.conf</div><div>nonce.conf resolve.conf</div><div>openssl.conf revocation.conf</div></div><div><br></div><div><br></div><div><div>root@Xilinx-ZCU102-2016_1:/<wbr>usr/etc/strongswan.d/charon# <b>cat nonce.conf</b></div><div>nonce {</div><div><br></div><div> # Whether to load the plugin. Can also be an integer to increase the</div><div> # priority of this plugin.</div><div> load = yes</div><div><br></div><div>}</div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 18, 2016 at 3:03 PM, Thomas Egerer <span dir="ltr"><<a href="mailto:hakke_007@gmx.de" target="_blank">hakke_007@gmx.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Rajeev,<br>
<br>
I guess, the config option '--enable-monolithic' option<br>
builds charon with all plugins compiled into one binary<br>
blob. Try and remove this option. Then remove the<br>
load_modular option from your strongwan.conf, or place<br>
the configuration snippets in your file system as<br>
described in [1]. Then of course, you would have to<br>
remove the load keyword from your strongswan.conf.<br>
<br>
Cheers,<br>
Thomas<br>
<br>
[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Strongswandirectory" rel="noreferrer" target="_blank">https://wiki.strongswan.org/pr<wbr>ojects/strongswan/wiki/Strongs<wbr>wandirectory</a><div><div class="m_-7198330805867019477h5"><br>
<br>
On 10/18/2016 04:37 PM, rajeev nohria wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-7198330805867019477h5">
Noel,<br>
<br>
I still having issue after going through many hit and trial method to<br>
fix this,<br>
<br>
root@Xilinx-ZCU102-2016_1:~# charon<br>
00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0, aarch64)<br>
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet<br>
dependency: NONCE_GEN<br>
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon'<br>
has unmet dependency: HASHER:HASH_SHA1<br>
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon'<br>
has unmet dependency: HASHER:HASH_SHA1<br>
00[LIB] failed to load 3 critical plugin features<br>
00[DMN] initialization failed - aborting charon<br>
<br>
<br>
Makefile:<br>
<br>
CONF_OPTS += --disable-gmp --enable-monolithic --enable-openssl<br>
--enable-pkcs11 --enable-vici --enable-x509 --enable-nonce<br>
<br>
<br>
<br>
<br>
strongswan.conf<br>
# strongswan.conf - strongSwan configuration file<br>
#<br>
# Refer to the strongswan.conf(5) manpage for details<br>
#<br>
# Configuration changes should be made in the included files<br>
<br>
swanctl {<br>
load = pem pkcs1 x509 revocation constraints pubkey openssl random<br>
}<br>
<br>
charon {<br>
load_modular = yes<br>
load = sha1 pem pkcs1 x509 revocation constraints pubkey openssl random<br>
nonce curl kernel-netlink socket-default updown vici<br>
<br>
plugins {<br>
include strongswan.d/charon/*.conf<br>
}<br>
}<br>
<br>
filelog {<br>
/var/log/charon.log {<br>
# add a timestamp prefix<br>
time_format = %b %e %T<br>
# prepend connection name, simplifies grepping<br>
ike_name = yes<br>
# overwrite existing files<br>
append = no<br>
# increase default loglevel for all daemon subsystems<br>
default = 10<br>
# flush each line to disk<br>
flush_line = yes<br>
}<br>
stderr {<br>
# more detailed loglevel for a specific subsystem,<br>
overriding the<br>
# default loglevel.<br>
ike = 4<br>
cfg = 4<br>
asn = 4<br>
app = 4<br>
tls = 4<br>
esp = 4<br>
chd = 4<br>
knl = 0<br>
<br>
}<br>
}<br>
<br>
<br>
On Sat, Oct 8, 2016 at 7:41 PM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a><br></div></div><span>
<mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a><wbr>>> wrote:<br>
<br>
Hello Rajeevm<br>
><br>
> 00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0, aarch64)<br>
> 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN<br>
> 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1<br>
> 00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1<br>
> 00[LIB] failed to load 3 critical plugin features<br>
> 00[DMN] initialization failed - aborting charon<br>
<br>
You need the sha1 or the openssl plugin, as well as the nonce plugin.<br>
Please use google[1] next time.<br>
<br>
[1]<br>
<a href="https://encrypted.google.com/search?hl=en&q=site%3Awiki.strongswan.org%20%22libcharon%20in%20critical%20plugin%20%27charon%27%20has%20unmet%20dependency%3A%20NONCE_GEN%22" rel="noreferrer" target="_blank">https://encrypted.google.com/s<wbr>earch?hl=en&q=site%3Awiki.stro<wbr>ngswan.org%20%22libcharon%20in<wbr>%20critical%20plugin%20%27char<wbr>on%27%20has%20unmet%20dependen<wbr>cy%3A%20NONCE_GEN%22</a><br>
<<a href="https://encrypted.google.com/search?hl=en&q=site%3Awiki.strongswan.org%20%22libcharon%20in%20critical%20plugin%20%27charon%27%20has%20unmet%20dependency%3A%20NONCE_GEN%22" rel="noreferrer" target="_blank">https://encrypted.google.com/<wbr>search?hl=en&q=site%3Awiki.str<wbr>ongswan.org%20%22libcharon%20i<wbr>n%20critical%20plugin%20%27cha<wbr>ron%27%20has%20unmet%20depende<wbr>ncy%3A%20NONCE_GEN%22</a>><br>
<br>
--<br>
<br>
Mit freundlichen Grüßen/Kind Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<br>
<br>
<br>
<br>
<br></span>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/m<wbr>ailman/listinfo/users</a><br>
<br>
</blockquote>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/m<wbr>ailman/listinfo/users</a></blockquote></div><br></div>
</div></div></blockquote></div><br></div>