[strongSwan] strongswan.conf plugin list
Peter Winterer
winterer at informatik.uni-freiburg.de
Wed Mar 23 17:58:26 CET 2011
Hi all,
I just made an upgrade from strongswan version 4.4.1 to 4.5.1
Our gateway assigns virtual IP addresses from a sqlite db pool to the
clients. After upgrading to 4.5.1, virtual IP address assignment
doesn't work anymore. I was getting the following error in the log:
...
09[IKE] peer requested virtual IP %any6
09[CFG] acquiring address from pool 'pool' failed
09[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
...
The "ipsec pool .." commands worked fine, as with version 4.4.1
After manually specifying the plugin list in the the strongswan.conf, it
worked again. With version 4.4.1 there was no need to specify the
"load"-Option in the strongswan.conf. And the user documentation
recommends, not to specify the plugin list manually. Why do I have to
specify the plugin list manually?
Thanks!
peter
charon.conf:
....
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random
x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite
attr-sql updown
plugins {
eap-radius {
secret = SECRET
server = IP
}
}
}
libhydra {
plugins {
attr-sql {
loglevel = -1
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
}
pool {
load = sqlite
}
....
manager {
# path to your database
database = sqlite:////etc/ipsec.d/manager.db
...
}
...
configure:
--prefix=/usr --mandir=\$${prefix}/share/man
--infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" --sysconfdir=/etc
--enable-smp --enable-manager --enable-sqlite --with-group=vpn
--enable-sql --disable-pluto --enable-curl --enable-eap-identity
--enable-eap-mschapv2 --enable-eap-radius --enable-md4
More information about the Users
mailing list