<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Hi Jafar,</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">You are right! </div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">After I allowed user “frr” to access “charon.vici”, the error message is gone.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Now I’m getting this error message.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">2017/11/08 15:41:45 NHRP: VICI: StrongSwan does not support mandatory events (unpatched?)</div> <div><br></div><div><br></div><div>I installed tteras’ patched version of strongswan.</div><div>However I’m not sure how to tell if it’s properly installed.</div><div><br></div><div>I got it from git: git clone <a href="git://git.alpinelinux.org/user/tteras/strongswan">git://git.alpinelinux.org/user/tteras/strongswan</a></div><div>Then I used the “autogen.sh” script, then “configure", then “make; make install”.</div><div><br></div><div>Not sure if I have done anything wrong, or missed anything.</div><div><br></div><div>Is there a way to validate that Strongswan is properly patched and installed?</div><div><br></div><div>Regards,</div><div><br></div><div>Terry</div><br> <div id="bloop_sign_1510127286474391040" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px"><br></div></div> <br><p class="airmail_on">On 8 November 2017 at 00:34:52, Jafar Al-Gharaibeh (<a href="mailto:jafar@atcorp.com">jafar@atcorp.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div text="#000000" bgcolor="#FFFFFF"><div></div><div>
<title></title>
Terry,<br>
<br>
From the limited information you are giving, my
guess is that nhrpd doesn't have permissions to access the VICI
socket. nhrpd is probably configured as part of
FRR/Quagga with permissions to access /var/run/frr or
/var/run/quagga only. Whereas the vici socket, according to<br>
<br>
<a class="moz-txt-link-freetext" href="https://wiki.strongswan.org/projects/strongswan/wiki/VICI">https://wiki.strongswan.org/projects/strongswan/wiki/VICI</a><br>
<br>
is: <span style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; font-size: 12.6px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">
unix:///var/run/charon.vici</span><br>
<br>
Give nhrpd permissions to access to this file and you should be
good to.<br>
<br>
--Jafar<br>
<br>
<br>
<div class="moz-cite-prefix">On 11/7/2017 10:06 AM, Chengcheng Fu
wrote:<br></div>
<blockquote type="cite" cite="mid:5047C700-A9CF-44A9-9ACD-4733344FDD15@icloud.com">
<div><br></div>
<blockquote type="cite">
<div>
Hi,
<div><br></div>
<div>I’m trying to setup nhrpd with strongswan, and I’m getting
this error message.</div>
<div><br></div>
<div>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;">Failure connecting VICI socket:
permission denied</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;"><br></span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;">I wonder if there is a way to test
the VICI socket and see if it’s running properly?</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;"><br></span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;">Regards,</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;"><br></span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">
<span style="font-size: 12pt;">Terry</span></p>
</div>
</div>
</blockquote>
</blockquote>
<br>
</div></div></span></blockquote></body></html>