[strongSwan] eap-mschapv2 NetworkManager

Peter Winterer winterer at informatik.uni-freiburg.de
Tue Oct 12 14:14:04 CEST 2010

Hi Tobias,
thank you very much for your answer!
Is there also an workaround for the strongSwan NetworkManager plugin?


Am 12.10.2010 13:40, schrieb Tobias Brunner:
>> 2.) However, with an ubuntu 10.10 box, with the new stable packages, I
>> can not establish a connection.
>> I think something is broken (both, EAP and certificate authentication).
>> Can someone please confirm this?
> Unfortunately, the package currently included in Ubuntu 10.10
> (4.4.0-2ubuntu1) is broken.  The current package in Debian (4.4.1-5) is
> fine however, so whenever that gets adopted in Ubuntu it should work again.
> The actual problem is that in the broken package all three socket
> implementations (socket-default, socket-dynamic, socket-raw) are
> compiled and loaded.  This somehow prevents charon from receiving any
> packets at all.  The three plugins are all used in different scenarios:
>  socket-default in case only IKEv2 is used, socket-dynamic for a special
> use case with dynamic ports and finally socket-raw which is used for
> mixed setups, with the IKEv1 daemon pluto running on the same host.
> For distributions socket-raw is in most cases the right choice.
> As a workaround you can explicitly specify the plugins to load in
> strongswan.conf (charon.load option).  The default list of plugins can
> be retrieved from the log file (or by starting the daemon with "ipsec
> start --nofork").  From that list remove the two unneeded socket
> implementations, so only socket-raw gets loaded (or socket-default, if
> you don't use IKEv1).

More information about the Users mailing list