<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi Tobias,</div><div><br></div><div>I came across the same issue that someone else had raised with you 10 months ago. Unfortunately it seems he was right about the bug.</div><div><a href="https://wiki.strongswan.org/issues/3290">https://wiki.strongswan.org/issues/3290</a><br></div><div><br></div><div>This is what I'm getting:</div><div>Oct 16 07:36:48 de-fsn-x charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.0, Linux 5.4.0-1028-aws, x86_64)<br></div><div dir="ltr"><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[KNL] unable to create IPv4 routing table rule</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[KNL] unable to create IPv6 routing table rule</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loaded ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" from '/etc/ipsec.d/cacerts/chain.pem'</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x ipsec[1855]: /usr/libexec/ipsec/charon: symbol lookup error: /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: undefined symbol: mp_read_unsigned_bin</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x ipsec[506]: charon has died -- restart scheduled (5sec)</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x ipsec[506]: charon refused to be started</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div dir="ltr">Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'</div><div dir="ltr"><br></div><div>This is how I compiled everything:</div><div><br></div><div><div><font face="monospace">git clone <a href="https://github.com/wolfSSL/wolfssl.git">https://github.com/wolfSSL/wolfssl.git</a></font></div><div><font face="monospace">cd wolfssl/</font></div><div><font face="monospace">./autogen.sh</font></div><div><font face="monospace">./configure --disable-crypttests --disable-examples --enable-keygen --enable-rsapss --enable-aesccm --enable-aesctr --enable-des3 --enable-camellia --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448 --enable-sha3 --enable-shake256</font></div><div><font face="monospace">make</font></div><div><font face="monospace">make check</font></div><div><font face="monospace">make install</font></div><div><font face="monospace">mv /usr/local/lib/libwolfssl.* /usr/lib/</font></div><div><font face="monospace">cd ..</font></div></div><div><font face="monospace">wget <a href="https://download.strongswan.org/strongswan-5.9.0.tar.bz2">https://download.strongswan.org/strongswan-5.9.0.tar.bz2</a><br></font></div><div><div><font face="monospace">tar xjvf strongswan-5.9.0.tar.bz2</font></div><div><font face="monospace">cd strongswan-5.9.0</font></div><div><font face="monospace">./configure --prefix=/usr --sysconfdir=/etc --enable-eap-radius --enable-eap-identity --enable-systemd --enable-swanctl --enable-gcm --enable-aesni --enable-wolfssl</font></div><div><font face="monospace">make install</font></div></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div>Thank you,</div><div>Houman</div><div dir="ltr"><br></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 15 Oct 2020 at 19:31, Houman <<a href="mailto:houmie@gmail.com" target="_blank">houmie@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello Tobias,<div><br></div><div>Thank you for your reply. Excellent, now I understand. </div><div><br></div><div>If I compile WolfSSL into /usr/local/lib and then compile StrongSwan with --enable-wolfssl. Will StrongSwan automatically pick up the latest WolfSSL lib like that?</div><div>Or do I need to set a path as well?</div><div><br></div><div>Many Thanks,</div><div>Houman</div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 15 Oct 2020 at 16:53, Tobias Brunner <<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
> Is that another plugin that I need to compile?<br>
<br>
Yes, you need one of the third-party crypto plugins (openssl, wolfssl,<br>
botan). See [1] for the list of all algorithms and the plugins that<br>
provide them.<br>
<br>
Regards,<br>
Tobias<br>
<br>
[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites" rel="noreferrer" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites</a><br>
</blockquote></div>
</blockquote></div>