[strongSwan] strongswan.conf plugin list

Peter Winterer winterer at informatik.uni-freiburg.de
Wed Mar 23 17:58:26 CET 2011

Hi all,
I just made an upgrade from strongswan version 4.4.1 to  4.5.1

Our gateway assigns virtual IP addresses from a sqlite db pool to the
clients. After upgrading to 4.5.1, virtual  IP address assignment
doesn't work anymore. I was getting the following error in the log:

09[IKE] peer requested virtual IP %any6
09[CFG] acquiring address from pool 'pool' failed
09[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE

The "ipsec pool .." commands worked fine, as with version 4.4.1

After manually specifying the plugin list in the the strongswan.conf, it
worked again. With version 4.4.1 there was no need to specify the
"load"-Option in the strongswan.conf. And the user documentation
recommends, not to specify the plugin list manually. Why do I have to
specify the plugin list manually?



charon {
               load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random
x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite
attr-sql updown

        plugins {
                eap-radius {
                                secret = SECRET
                                server = IP


libhydra {
        plugins {
                attr-sql {
                        loglevel = -1
                        database = sqlite:///etc/ipsec.d/ipsec.db
pool {
      load = sqlite

manager {
  # path to your database
  database = sqlite:////etc/ipsec.d/manager.db


--prefix=/usr --mandir=\$${prefix}/share/man
--infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)"  --sysconfdir=/etc
--enable-smp --enable-manager --enable-sqlite --with-group=vpn
--enable-sql --disable-pluto --enable-curl --enable-eap-identity
--enable-eap-mschapv2 --enable-eap-radius --enable-md4

More information about the Users mailing list