[strongSwan] upgrade to 4.4.0 and virt ip-address-pool

Tue May 25 10:39:59 CEST 2010

Hi Peter,

with the strongSwan 4.4 major release we moved the attr-sql plugin
from libstrongswan (which should handle crypto and authentication,
only) to the new libhydra (which will share more and more daemon
functionality between pluto and charon).

As a consequenceyou must move your database definition from

libstrongswan {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
   }
}

to

libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
   }
}

We apologize for the inconvenience!

Andreas

On 05/25/2010 10:16 AM, Peter Winterer wrote:
> Hi all,
> I just did an upgrade from strongswan 4.3.5 to 4.4.0.
> We are using an virtual ip-adresspool (sqlite) to assign ip-addresses from the
> server to the client. With 4.3.5 this works without any problems.
> After upgrading, I am getting the following error-message:
>
> ipsec pool --status :
>    database URI libhydra.plugins.attr-sql.database not set
>
> And the following message in the log, when I start "ipsec":
>
>
> Starting IKEv2 charon daemon (strongSwan 4.4.0)
> [CFG] attr-sql plugin: database URI not set
> [LIB] plugin 'attr-sql': failed to load - attr_sql_plugin_create returned NULL
>
>
> The plugins seem to be available:
>
> /usr/libexec/ipsec/plugins/libstrongswan-sql.a
> /usr/libexec/ipsec/plugins/libstrongswan-sql.la
> /usr/libexec/ipsec/plugins/libstrongswan-sqlite.so
> /usr/libexec/ipsec/plugins/libstrongswan-sqlite.a
> /usr/libexec/ipsec/plugins/libstrongswan-attr-sql.so
> /usr/libexec/ipsec/plugins/libstrongswan-sqlite.la
> /usr/libexec/ipsec/plugins/libstrongswan-attr-sql.la
> /usr/libexec/ipsec/plugins/libstrongswan-sql.so
> /usr/libexec/ipsec/plugins/libstrongswan-attr-sql.a
>
> /usr/lib/libhydra.la
> /usr/lib/libhydra.a
> /usr/lib/libhydra.so.0.0.0
> /usr/lib/libhydra.so.0 ->  libhydra.so.0.0.0
> /usr/lib/libhydra.so ->  libhydra.so.0.0.0
>
>
> strongswan.conf:
> ...
> libstrongswan {
>          plugins {
>                  attr-sql {
>
>                          # loglevel to log into sql database
>                          loglevel = -1
>
>                          # URI to the database
>                          # database = sqlite:///path/to/file.db
>                          database = sqlite:///etc/ipsec.d/ipsec.db
>                          # database = mysql://user:password@localhost/database
>                  }
>          }
> }
> pool {
>        load = sqlite
> }
> .....
>
>
>
> Any ideas? Thanks
> Peter

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==