[strongSwan] config which worked with 4.3.2 does not work with 4.4.0

Wolfgang Walter wolfgang.walter at stwm.de
Tue Jul 6 20:53:52 CEST 2010


On Tuesday, 6 July 2010, Andreas Steffen wrote:
> Hi Wolfgang,
>
> I suspect that either the socket_default (IKEv2 only running)
> or socket_raw (IKEv1 & IKEv2 running) plugin is not loaded.
> Could you provide a strongSwan log file?
>

This is the log from hummel (I made some things anonymous).

The log from biene is analogous.

I checked with tcpdump that both packets were sent and arrived.

===================================================================================

Jun 29 23:58:54 hummel charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.4.0)
Jun 29 23:58:54 hummel charon: 00[CFG] attr-sql plugin: database URI not set
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'attr-sql': failed to load - attr_sql_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[KNL] listening on interfaces:
Jun 29 23:58:54 hummel charon: 00[KNL]   eth0
Jun 29 23:58:54 hummel charon: 00[KNL]     10.10.10.2
Jun 29 23:58:54 hummel charon: 00[KNL]     fe80::xxxx:xxxx:xxxx:xxxx
Jun 29 23:58:54 hummel charon: 00[KNL]   is0
Jun 29 23:58:54 hummel charon: 00[KNL]     xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:a0a:a02
Jun 29 23:58:54 hummel charon: 00[KNL]     fe80::5efe:a0a:a02
Jun 29 23:58:54 hummel charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 29 23:58:54 hummel charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 29 23:58:54 hummel charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/hummelKey.pem'
Jun 29 23:58:54 hummel charon: 00[CFG] sql plugin: database URI not set
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[CFG] no RADUIS secret defined
Jun 29 23:58:54 hummel charon: 00[CFG] RADIUS plugin initialization failed
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'eap-radius': failed to load - eap_radius_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[CFG] mediation database URI not defined, skipped
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'medsrv': failed to load - medsrv_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[CFG] mediation client database URI not defined, skipped
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'nm': failed to load '/usr/lib/ipsec/plugins/libstrongswan-nm.so' - /usr/lib/ipsec/plugins/libstrongswan-nm.so: cannot open shared object file: No such file or directory
Jun 29 23:58:54 hummel charon: 00[CFG] HA config misses local/remote address
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac agent gmp attr kernel-netlink socket-default socket-raw socket-dynamic farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 dhcp resolve
Jun 29 23:58:54 hummel charon: 00[JOB] spawning 16 worker threads
Jun 29 23:58:54 hummel charon: 04[CFG] received stroke: add connection 'hummel_biene'
Jun 29 23:58:54 hummel charon: 04[CFG]   loaded certificate "C=DE, CN=hummel" from 'hummelCert.pem'
Jun 29 23:58:54 hummel charon: 04[CFG]   id '10.10.10.2' not confirmed by certificate, defaulting to 'C=DE, CN=hummel'
Jun 29 23:58:54 hummel charon: 04[CFG]   loaded certificate "C=DE, CN=biene" from 'bieneCert.pem'
Jun 29 23:58:54 hummel charon: 04[CFG]   id '10.10.10.1' not confirmed by certificate, defaulting to 'C=DE, CN=biene'
Jun 29 23:58:54 hummel charon: 04[CFG] added configuration 'hummel_biene'
Jun 29 23:58:54 hummel charon: 09[CFG] received stroke: initiate 'hummel_biene'
Jun 29 23:58:54 hummel charon: 09[IKE] initiating IKE_SA hummel_biene[1] to 10.10.10.1
Jun 29 23:58:54 hummel charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 29 23:58:54 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 29 23:58:54 hummel charon: 13[CFG] received stroke: add connection 'hummel_wespe'
Jun 29 23:58:54 hummel charon: 13[CFG]   loaded certificate "C=DE, ST=XXXXX, L=XXXXX, O=XXXXX, CN=hummel, E=XXXXX" from 'hummelCert.der'
Jun 29 23:58:54 hummel charon: 13[CFG]   id '10.10.10.2' not confirmed by certificate, defaulting to 'C=DE, ST=XXXXX, L=XXXXX, O=XXXXX, CN=hummel, E=XXXXX'
Jun 29 23:58:54 hummel charon: 13[CFG]   loaded certificate "C=DE, ST=XXXXX, L=XXXXX, O=XXXXX, CN=wespe, E=XXXXX" from 'wespeCert.der'
Jun 29 23:58:54 hummel charon: 13[CFG]   id '10.10.10.3' not confirmed by certificate, defaulting to 'C=DE, ST=XXXXX, L=XXXXX, O=XXXXX, CN=wespe, E=XXXXX'
Jun 29 23:58:54 hummel charon: 13[CFG] added configuration 'hummel_wespe'
Jun 29 23:58:54 hummel charon: 14[CFG] received stroke: initiate 'hummel_wespe'
Jun 29 23:58:54 hummel charon: 14[IKE] initiating IKE_SA hummel_wespe[2] to 10.10.10.3
Jun 29 23:58:54 hummel charon: 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 29 23:58:54 hummel charon: 14[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 29 23:58:58 hummel charon: 08[IKE] retransmit 1 of request with message ID 0
Jun 29 23:58:58 hummel charon: 08[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 29 23:58:58 hummel charon: 04[IKE] retransmit 1 of request with message ID 0
Jun 29 23:58:58 hummel charon: 04[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 29 23:59:06 hummel charon: 11[IKE] retransmit 2 of request with message ID 0
Jun 29 23:59:06 hummel charon: 11[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 29 23:59:06 hummel charon: 09[IKE] retransmit 2 of request with message ID 0
Jun 29 23:59:06 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 29 23:59:18 hummel charon: 10[IKE] retransmit 3 of request with message ID 0
Jun 29 23:59:18 hummel charon: 10[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 29 23:59:18 hummel charon: 13[IKE] retransmit 3 of request with message ID 0
Jun 29 23:59:18 hummel charon: 13[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 29 23:59:42 hummel charon: 15[IKE] retransmit 4 of request with message ID 0
Jun 29 23:59:42 hummel charon: 15[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 29 23:59:42 hummel charon: 14[IKE] retransmit 4 of request with message ID 0
Jun 29 23:59:42 hummel charon: 14[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:00:24 hummel charon: 08[IKE] retransmit 5 of request with message ID 0
Jun 30 00:00:24 hummel charon: 08[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:00:24 hummel charon: 04[IKE] retransmit 5 of request with message ID 0
Jun 30 00:00:24 hummel charon: 04[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:01:39 hummel charon: 11[IKE] giving up after 5 retransmits
Jun 30 00:01:39 hummel charon: 11[IKE] peer not responding, trying again (2/3)
Jun 30 00:01:39 hummel charon: 09[IKE] giving up after 5 retransmits
Jun 30 00:01:39 hummel charon: 09[IKE] peer not responding, trying again (2/3)
Jun 30 00:01:39 hummel charon: 11[IKE] initiating IKE_SA hummel_biene[1] to 10.10.10.1
Jun 30 00:01:39 hummel charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 30 00:01:39 hummel charon: 11[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:01:39 hummel charon: 09[IKE] initiating IKE_SA hummel_wespe[2] to 10.10.10.3
Jun 30 00:01:39 hummel charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 30 00:01:39 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:01:43 hummel charon: 10[IKE] retransmit 1 of request with message ID 0
Jun 30 00:01:43 hummel charon: 10[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:01:43 hummel charon: 13[IKE] retransmit 1 of request with message ID 0
Jun 30 00:01:43 hummel charon: 13[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:01:51 hummel charon: 15[IKE] retransmit 2 of request with message ID 0
Jun 30 00:01:51 hummel charon: 15[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:01:51 hummel charon: 14[IKE] retransmit 2 of request with message ID 0
Jun 30 00:01:51 hummel charon: 14[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:02:04 hummel charon: 08[IKE] retransmit 3 of request with message ID 0
Jun 30 00:02:04 hummel charon: 08[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:02:04 hummel charon: 04[IKE] retransmit 3 of request with message ID 0
Jun 30 00:02:04 hummel charon: 04[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:02:27 hummel charon: 11[IKE] retransmit 4 of request with message ID 0
Jun 30 00:02:27 hummel charon: 11[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:02:27 hummel charon: 09[IKE] retransmit 4 of request with message ID 0
Jun 30 00:02:27 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:03:09 hummel charon: 10[IKE] retransmit 5 of request with message ID 0
Jun 30 00:03:09 hummel charon: 10[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:03:09 hummel charon: 13[IKE] retransmit 5 of request with message ID 0
Jun 30 00:03:09 hummel charon: 13[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:04:24 hummel charon: 15[IKE] giving up after 5 retransmits
Jun 30 00:04:24 hummel charon: 15[IKE] peer not responding, trying again (3/3)
Jun 30 00:04:24 hummel charon: 14[IKE] giving up after 5 retransmits
Jun 30 00:04:24 hummel charon: 14[IKE] peer not responding, trying again (3/3)
Jun 30 00:04:24 hummel charon: 15[IKE] initiating IKE_SA hummel_biene[1] to 10.10.10.1
Jun 30 00:04:24 hummel charon: 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 30 00:04:24 hummel charon: 15[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:04:24 hummel charon: 14[IKE] initiating IKE_SA hummel_wespe[2] to 10.10.10.3
Jun 30 00:04:24 hummel charon: 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 30 00:04:24 hummel charon: 14[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:04:28 hummel charon: 08[IKE] retransmit 1 of request with message ID 0
Jun 30 00:04:28 hummel charon: 08[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:04:28 hummel charon: 04[IKE] retransmit 1 of request with message ID 0
Jun 30 00:04:28 hummel charon: 04[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:04:36 hummel charon: 11[IKE] retransmit 2 of request with message ID 0
Jun 30 00:04:36 hummel charon: 11[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:04:36 hummel charon: 09[IKE] retransmit 2 of request with message ID 0
Jun 30 00:04:36 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:04:49 hummel charon: 10[IKE] retransmit 3 of request with message ID 0
Jun 30 00:04:49 hummel charon: 10[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:04:49 hummel charon: 13[IKE] retransmit 3 of request with message ID 0
Jun 30 00:04:49 hummel charon: 13[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:05:12 hummel charon: 15[IKE] retransmit 4 of request with message ID 0
Jun 30 00:05:12 hummel charon: 15[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:05:12 hummel charon: 14[IKE] retransmit 4 of request with message ID 0
Jun 30 00:05:12 hummel charon: 14[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:05:54 hummel charon: 08[IKE] retransmit 5 of request with message ID 0
Jun 30 00:05:54 hummel charon: 08[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 30 00:05:54 hummel charon: 04[IKE] retransmit 5 of request with message ID 0
Jun 30 00:05:54 hummel charon: 04[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]
Jun 30 00:06:21 hummel charon: 00[DMN] signal of type SIGINT received. Shutting down
Jun 30 00:06:21 hummel charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Jun 30 00:06:21 hummel charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification


Regards,
-- 
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
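
A triage sketch for charon logs like the one above, added here as an example and not part of the original message or of strongSwan: it lists the socket-* plugins reported as loaded and flags peers that were sent packets but never produced a `received packet` line. The sample log is constructed, and the function names `unwrap` and `triage` are hypothetical.

```python
import re

# Constructed sample in the format of the charon log above; the first
# entry is mail-wrapped across two lines, as in the archived message.
SAMPLE_LOG = "\n".join([
    "Jun 29 23:58:54 hummel charon: 00[DMN] loaded plugins: aes sha1 kernel-netlink socket-default ",
    "socket-raw socket-dynamic stroke updown",
    "Jun 29 23:58:54 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]",
    "Jun 29 23:58:54 hummel charon: 14[NET] sending packet: from 10.10.10.2[500] to 10.10.10.3[500]",
    "Jun 29 23:58:54 hummel charon: 12[NET] received packet: from 10.10.10.3[500] to 10.10.10.2[500]",
    "Jun 29 23:58:58 hummel charon: 08[IKE] retransmit 1 of request with message ID 0",
    "Jun 29 23:58:58 hummel charon: 08[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]",
    "Jun 30 00:01:39 hummel charon: 11[IKE] giving up after 5 retransmits",
])

TS_RE = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PLUGINS_RE = re.compile(r"\[DMN\] loaded plugins: (.*)")
NET_RE = re.compile(r"\[NET\] (sending|received) packet: from (\S+)\[\d+\] to (\S+)\[\d+\]")

def unwrap(text):
    """Rejoin continuation lines that do not start with a syslog timestamp."""
    entries = []
    for line in text.splitlines():
        if entries and not TS_RE.match(line):
            entries[-1] += line
        else:
            entries.append(line)
    return entries

def triage(text):
    """Summarise socket plugins and per-peer sent/received packet counts."""
    sockets, sent, received, gave_up = [], {}, {}, 0
    for entry in unwrap(text):
        plugins = PLUGINS_RE.search(entry)
        net = NET_RE.search(entry)
        if plugins:
            sockets = [p for p in plugins.group(1).split() if p.startswith("socket-")]
        elif net:
            direction, src, dst = net.groups()
            counts, peer = (sent, dst) if direction == "sending" else (received, src)
            counts[peer] = counts.get(peer, 0) + 1
        elif "giving up after" in entry:
            gave_up += 1
    # Peers that were sent requests but never produced a "received packet" line.
    silent = sorted(peer for peer in sent if peer not in received)
    return {"socket_plugins": sockets, "sent": sent, "received": received,
            "silent_peers": silent, "gave_up": gave_up}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A peer listed under `silent_peers` while a packet capture shows its replies arriving points at the receive path on the local host rather than at the network.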




