[strongSwan] strongswan and playbook issues
dan paolino
zinv at optonline.net
Fri Apr 13 14:50:25 CEST 2012
After fixing the simple issue I had originally had, I get a little bit farther in the process, but I'm still receiving an authentication error on my PlayBook. It seems like the authorization is working fine, but after it tries to set the IP the server just continues to send keepalive packets even though the PlayBook has given up on the connection.
Starting IKEv2 charon daemon (strongSwan 4.3.2)
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'sha1' failed: /usr/lib/ipsec/plugins/libstrongswan-sha1.so: cannot open shared object file: No such file or directory
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'fips-prf' failed: /usr/lib/ipsec/plugins/libstrongswan-fips-prf.so: cannot open shared object file: No such file or directory
Apr 13 08:47:00 ZORO charon: 01[KNL] listening on interfaces:
Apr 13 08:47:00 ZORO charon: 01[KNL]   eth1
Apr 13 08:47:00 ZORO charon: 01[KNL]     192.168.1.104
Apr 13 08:47:00 ZORO charon: 01[KNL]     fe80::a00:27ff:fe92:7943
Apr 13 08:47:00 ZORO charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 13 08:47:00 ZORO charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 13 08:47:00 ZORO charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 13 08:47:00 ZORO charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 13 08:47:00 ZORO charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 13 08:47:00 ZORO charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 08:47:00 ZORO charon: 01[CFG]   loaded IKE secret for %any
Apr 13 08:47:00 ZORO charon: 01[CFG]   loaded EAP secret for zinv
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'sql' failed: /usr/lib/ipsec/plugins/libstrongswan-sql.so: cannot open shared object file: No such file or directory
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'attr' failed: /usr/lib/ipsec/plugins/libstrongswan-attr.so: cannot open shared object file: No such file or directory
Apr 13 08:47:00 ZORO charon: 01[CFG] no RADUIS secret defined
Apr 13 08:47:00 ZORO charon: 01[CFG] RADIUS plugin initialization failed
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'eapradius' failed: plugin_create() returned NULL
Apr 13 08:47:00 ZORO charon: 01[CFG] mediation database URI not defined, skipped
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'medsrv' failed: plugin_create() returned NULL
Apr 13 08:47:00 ZORO charon: 01[CFG] mediation client database URI not defined, skipped
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'medcli' failed: plugin_create() returned NULL
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'resolv-conf' failed: /usr/lib/ipsec/plugins/libstrongswan-resolv-conf.so: cannot open shared object file: No such file or directory
Apr 13 08:47:00 ZORO charon: 01[DMN] loaded plugins: curl ldap random x509 pubkey openssl xcbc hmac agent gmp kernel-netlink stroke updown eapidentity eapmd5 eapgtc eapaka eapmschapv2 nm
Apr 13 08:47:00 ZORO charon: 01[JOB] spawning 16 worker threads
Apr 13 08:47:00 ZORO charon: 07[CFG] received stroke: add connection 'rem'
Apr 13 08:47:00 ZORO charon: 07[CFG] added configuration 'rem'
Apr 13 08:47:00 ZORO charon: 07[CFG] adding virtual IP address pool 'rem': 192.168.1.120/24
Apr 13 08:47:17 ZORO charon: 09[NET] received packet: from 75.99.83.90[500] to 192.168.1.104[500]
Apr 13 08:47:17 ZORO charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Apr 13 08:47:17 ZORO charon: 09[IKE] 75.99.83.90 is initiating an IKE_SA
Apr 13 08:47:17 ZORO charon: 09[IKE] local host is behind NAT, sending keep alives
Apr 13 08:47:17 ZORO charon: 09[IKE] remote host is behind NAT
Apr 13 08:47:17 ZORO charon: 09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Apr 13 08:47:17 ZORO charon: 09[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
Apr 13 08:47:17 ZORO charon: 10[NET] received packet: from 75.99.83.90[13014] to 192.168.1.104[4500]
Apr 13 08:47:17 ZORO charon: 10[ENC] parsed IKE_AUTH request 1 [ IDi AUTH CP N(INIT_CONTACT) N(MOBIKE_SUP) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Apr 13 08:47:17 ZORO charon: 10[CFG] looking for peer configs matching 192.168.1.104[%any]...75.99.83.90[122.105.110.118]
Apr 13 08:47:17 ZORO charon: 10[CFG] selected peer config 'rem'
Apr 13 08:47:17 ZORO charon: 10[IKE] authentication of '122.105.110.118' with pre-shared key successful
Apr 13 08:47:17 ZORO charon: 10[IKE] peer supports MOBIKE
Apr 13 08:47:17 ZORO charon: 10[IKE] authentication of '192.168.1.104' (myself) with pre-shared key
Apr 13 08:47:17 ZORO charon: 10[IKE] scheduling reauthentication in 3363s
Apr 13 08:47:17 ZORO charon: 10[IKE] maximum IKE_SA lifetime 3543s
Apr 13 08:47:17 ZORO charon: 10[IKE] IKE_SA rem[1] established between 192.168.1.104[192.168.1.104]...75.99.83.90[122.105.110.118]
Apr 13 08:47:17 ZORO charon: 10[IKE] peer requested virtual IP %any
Apr 13 08:47:17 ZORO charon: 10[CFG] assigning new lease to '122.105.110.118'
Apr 13 08:47:17 ZORO charon: 10[IKE] assigning virtual IP 192.168.1.121 to peer
Apr 13 08:47:17 ZORO charon: 10[IKE] CHILD_SA rem{1} established with SPIs cc3d590e_i 460ca470_o and TS 0.0.0.0/0 === 192.168.1.121/32
Apr 13 08:47:17 ZORO charon: 10[ENC] generating IKE_AUTH response 1 [ IDr AUTH CP SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Apr 13 08:47:17 ZORO charon: 10[NET] sending packet: from 192.168.1.104[4500] to 75.99.83.90[13014]
Below this are my configuration files:
strongswan.conf:

    # strongswan.conf - strongSwan configuration file
    charon {
        dns1 = 192.168.1.104
        # number of worker threads in charon
        threads = 16
        # plugins to load in charon
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke
        # load = curl ldap aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac agent gmp attr kernel-netlink socket-raw stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 dhcp resolve
        plugins {
            sql {
                # loglevel to log into sql database
                loglevel = -1
                # URI to the database
                # database = sqlite:///path/to/file.db
                # database = mysql://user:password@localhost/database
            }
        }
        # ...
    }
    pluto {
        # plugins to load in pluto
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey
    }
    libstrongswan {
        # set to no, the DH exponent size is optimized
        # dh_exponent_ansi_x9_42 = no
    }
ipsec.conf:

    config setup
        strictcrlpolicy=no
        plutostart=no

    conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=300s

    conn rem
        left=192.168.1.104
        leftsubnet=0.0.0.0/0
        leftauth=psk
        right=%any
        rightsourceip=192.168.1.120/24
        rightauth=psk
        rightsendcert=never
        auto=add
I'd also like to add that I'm running a PPTP VPN on the same box. Could this be interfering with the strongSwan connection?
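The charon log above already records every stage a responder goes through: plugin loading, the addresses it listens on, the virtual IP pool, PSK authentication, IKE_SA and CHILD_SA establishment and the lease handed out. The following parser is an added example, not part of the post or of strongSwan; it pulls those facts out of a handful of log lines copied from the post and runs two sanity checks a practitioner would apply when a client authenticates but then drops the tunnel: whether the virtual IP pool's CIDR encloses the daemon's own listening address (192.168.1.104 sits inside 192.168.1.120/24, so the peer is handed an address on the server's own LAN) and whether the assigned lease actually falls inside the pool. Treating `192.168.1.120/24` as the enclosing /24 is this example's assumption about the pool, not a statement about strongSwan's allocator; the regexes are written for the 4.3.x log format shown in the post.

```python
import ipaddress
import re

# Log entries copied from the post above (strongSwan 4.3.2 charon output),
# each one on a single line; only the entries the checks need are kept.
SAMPLE_LOG = """\
Apr 13 08:47:00 ZORO charon: 01[LIB] loading plugin 'sha1' failed: /usr/lib/ipsec/plugins/libstrongswan-sha1.so: cannot open shared object file: No such file or directory
Apr 13 08:47:00 ZORO charon: 01[KNL] listening on interfaces:
Apr 13 08:47:00 ZORO charon: 01[KNL]   eth1
Apr 13 08:47:00 ZORO charon: 01[KNL]     192.168.1.104
Apr 13 08:47:00 ZORO charon: 07[CFG] adding virtual IP address pool 'rem': 192.168.1.120/24
Apr 13 08:47:17 ZORO charon: 10[IKE] authentication of '122.105.110.118' with pre-shared key successful
Apr 13 08:47:17 ZORO charon: 10[IKE] IKE_SA rem[1] established between 192.168.1.104[192.168.1.104]...75.99.83.90[122.105.110.118]
Apr 13 08:47:17 ZORO charon: 10[IKE] peer requested virtual IP %any
Apr 13 08:47:17 ZORO charon: 10[IKE] assigning virtual IP 192.168.1.121 to peer
Apr 13 08:47:17 ZORO charon: 10[IKE] CHILD_SA rem{1} established with SPIs cc3d590e_i 460ca470_o and TS 0.0.0.0/0 === 192.168.1.121/32
"""

# "charon: <thread>[<group>] <message>" is the shape of every charon line.
LINE_RE = re.compile(r"charon: \d+\[(?P<grp>[A-Z]+)\] (?P<msg>.*)$")
PLUGIN_RE = re.compile(r"loading plugin '(?P<name>[^']+)' failed")
IPV4_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*$")
POOL_RE = re.compile(r"adding virtual IP address pool '(?P<name>[^']+)': (?P<cidr>\S+)")
VIP_RE = re.compile(r"assigning virtual IP (?P<ip>\S+) to peer")
CHILD_RE = re.compile(
    r"CHILD_SA \S+ established with SPIs \S+ \S+ and TS (?P<local>\S+) === (?P<remote>\S+)"
)


def parse_charon_log(text):
    """Collect the negotiation facts from charon log lines (4.3.x format)."""
    state = {
        "failed_plugins": [],  # plugins charon could not load at startup
        "listen_ips": [],      # IPv4 addresses listed under 'listening on interfaces'
        "pools": {},           # pool name -> CIDR string from the config
        "psk_auth": False,     # peer passed pre-shared key authentication
        "ike_sa": False,       # IKE_SA established
        "vips": [],            # virtual IPs handed to peers
        "child_ts": [],        # (local TS, remote TS) of each CHILD_SA
    }
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        grp, msg = m.group("grp"), m.group("msg")
        if grp == "LIB" and (p := PLUGIN_RE.search(msg)):
            state["failed_plugins"].append(p.group("name"))
        elif grp == "KNL" and (ip := IPV4_RE.match(msg)):
            state["listen_ips"].append(ip.group(1))
        elif grp == "CFG" and (p := POOL_RE.search(msg)):
            state["pools"][p.group("name")] = p.group("cidr")
        elif grp == "IKE":
            if "with pre-shared key successful" in msg:
                state["psk_auth"] = True
            elif "IKE_SA" in msg and "established" in msg:
                state["ike_sa"] = True
            elif v := VIP_RE.search(msg):
                state["vips"].append(v.group("ip"))
            elif c := CHILD_RE.search(msg):
                state["child_ts"].append((c.group("local"), c.group("remote")))
    return state


def check_pool(state):
    """Findings about the virtual IP pool versus listening addresses and leases."""
    findings = []
    for name, cidr in state["pools"].items():
        # strict=False: treat the CIDR as the network enclosing the pool
        # (an assumption of this example; 192.168.1.120/24 -> 192.168.1.0/24).
        net = ipaddress.ip_network(cidr, strict=False)
        for ip in state["listen_ips"]:
            if ipaddress.ip_address(ip) in net:
                findings.append(f"pool '{name}' ({net}) encloses the daemon's own listening address {ip}")
        for vip in state["vips"]:
            if ipaddress.ip_address(vip) not in net:
                findings.append(f"virtual IP {vip} lies outside pool '{name}' ({net})")
    return findings


def diagnose(text):
    """Summarise how far the exchange got and what the pool checks found."""
    state = parse_charon_log(text)
    return {
        "auth_ok": state["psk_auth"],
        "ike_sa": state["ike_sa"],
        "child_sas": len(state["child_ts"]),
        "findings": check_pool(state),
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log from the post, the summary shows authentication, the IKE_SA and one CHILD_SA all succeeding, which narrows the problem to what happens after the IKE_AUTH response: the lease, the traffic selectors, or the forwarding and NAT on the box rather than the PSK exchange. The enclosing-network finding is the thing to look at first, since a lease taken from the same subnet as the server's eth1 needs the server to answer for it on the LAN.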