<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi Tobias,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
You are right. The plugin pkcs12 is not being loaded. <br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
By adding the ! to force loading it, confirms failure to load this plugin.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Checking the items per the wiki, they look fine. What else could be missing?<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
1) The pkcs12 plugin is present.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span> $ find |grep pkcs12.so<br>
</span>
<div> ./lib/ipsec/plugins/libstrongswan-pkcs12.so<br>
</div>
<span></span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt">
-------------------------------------------------------------------<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt">
</div>
2) strongswan.conf does include strongswan.d/charon:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>charon {<br>
</span>
<div>load = random nonce aes md5 sha1 sha2 pem pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown<br>
</div>
<div><br>
</div>
<div>multiple_authentication=no<br>
</div>
<div>plugins {<br>
</div>
<div> include strongswan.d/charon/*.conf<br>
</div>
<div>}<br>
</div>
<div><br>
</div>
<div>syslog {<br>
</div>
<div> daemon {<br>
</div>
<div> tls = 2<br>
</div>
<div> }<br>
</div>
<div>} <br>
</div>
<div><br>
</div>
<div>}<br>
</div>
<div><br>
</div>
<div>include strongswan.d/*.conf<br>
</div>
<span></span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
-------------------------------------------------------------------<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
3) pkcs12.conf does have load=yes</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>/etc/strongswan.d/charon# cat pkcs12.conf<br>
</span>
<div>pkcs12 {<br>
</div>
<div><br>
</div>
<div> # Whether to load the plugin. Can also be an integer to increase the<br>
</div>
<div> # priority of this plugin.<br>
</div>
<div> load = yes<br>
</div>
<div><br>
</div>
<div>}<br>
</div>
<span></span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt">
-------------------------------------------------------------------<br>
</div>
4) Yes I compiled strongswan myself.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Here is the configuration:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<pre>./configure --prefix=/usr --sysconfdir=/etc \
--enable-monolithic --enable-openssl --enable-kernel-libipsec \
--enable-eap-identity --enable-eap-mschapv2 --enable-eap-md5 --enable-eap-aka \
--enable-eap-tls --enable-eap-ttls --enable-error-notify \
--enable-eap-aka-3gpp --enable-eap-aka-3gpp2 \
--enable-eap-peap --enable-eap-dynamic --enable-ipseckey \
--enable-eap-sim --enable-eap-sim-file --enable-acert \
--enable-agent --enable-files --enable-ctr --enable-ccm</pre>
I believe pkcs12 is enabled by default. Perhaps it's missing other packages?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Thanks,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Peter<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Tobias Brunner <tobias@strongswan.org><br>
<b>Sent:</b> Tuesday, February 5, 2019 12:12 AM<br>
<b>To:</b> Peter Hsiang; users@lists.strongswan.org<br>
<b>Subject:</b> Re: [strongSwan] ipsec.secrets loading p12 file fail due to no CRED_CONTAINER during enumeration</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hi Peter,<br>
<br>
> Any idea why there is no pkcs12 in the log message?<br>
<br>
<a href="https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Plugin-is-missing">https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Plugin-is-missing</a><br>
<br>
Regards,<br>
Tobias<br>
</div>
</span></font></div>
<DIV>
<HR>
</DIV>
<DIV>This email message is for the sole use of the intended recipient(s) and may
contain confidential information. Any unauthorized review, use, disclosure
or distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply email and destroy all copies of the original
message. </DIV>
<DIV>
<HR>
</DIV>
</body>
</html>