[strongSwan] Site to Site with PSK Error

Chris Arnold carnold at electrichendrix.com
Sat Mar 31 21:40:36 CEST 2012


strongSwan 4.5.xx on SLES11 SP2. When running ipsec up net-net, I get:
/etc/init.d/ipsec start
Starting strongSwan 4.5.3 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for
!! pluto and/or charon. This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

Here is the strongswan.conf load line:
charon {
    load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
    multiple_authentication = no

And in the charon.log file, I see:
Mar 31 15:29:34 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.3)
Mar 31 15:29:34 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 31 15:29:34 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 31 15:29:34 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 31 15:29:34 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 31 15:29:34 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 31 15:29:34 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 31 15:29:34 00[CFG]   loaded IKE secret for @servername.electricdomain.com
Mar 31 15:29:34 00[CFG]   loaded IKE secret for @servername.electricdomain.com %any
Mar 31 15:29:34 00[CFG]   loaded IKE secret for @servername.edensdomain.com
Mar 31 15:29:34 00[CFG]   loaded IKE secret for %any
Mar 31 15:29:34 00[CFG]   loaded IKE secret for 192.168.123.3
Mar 31 15:29:34 00[KNL] listening on interfaces:
Mar 31 15:29:34 00[KNL]   eth0
Mar 31 15:29:34 00[KNL]     192.168.123.3
Mar 31 15:29:34 00[KNL] received netlink error: Address family not supported by protocol (97)
Mar 31 15:29:34 00[KNL] unable to create IPv6 routing table rule
Mar 31 15:29:34 00[LIB] plugin 'socket-default' failed to load: /usr/lib/ipsec/plugins/libstrongswan-socket-default.so: cannot open shared object file: No such file or directory
Mar 31 15:29:34 00[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown 
Mar 31 15:29:34 00[JOB] spawning 16 worker threads
Mar 31 15:29:34 06[NET] no socket implementation registered, receiving failed
Mar 31 15:29:34 07[CFG] received stroke: add connection 'net-net'
Mar 31 15:29:34 07[CFG] left nor right host is our side, assuming left=local
Mar 31 15:29:34 07[CFG] added configuration 'net-net'

Then running ipsec up net-net:
received stroke: initiate 'net-net'
Mar 31 15:33:18 10[IKE] initiating IKE_SA net-net[1] to pu.bl.ic.ip
Mar 31 15:33:18 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 31 15:33:18 10[NET] sending packet: from (moon)pu.bl.ic.ip to (sun)pu.bl.ic.ip[500]
Mar 31 15:33:18 05[NET] no socket implementation registered, sending failed
Mar 31 15:33:22 11[IKE] retransmit 1 of request with message ID 0
Mar 31 15:33:22 11[NET] sending packet: from (moon)pu.bl.ic.ip to (sun)pu.bl.ic.ip[500]
Mar 31 15:33:22 05[NET] no socket implementation registered, sending failed

It seems the socket-default plugin is causing the initial issue? /usr/lib/ipsec/plugins/libstrongswan-socket-default.so is NOT in that directory.
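
A check for the mismatch visible in this log, added here as an example (not part of the original post and not strongSwan code): it compares the load list from strongswan.conf with the plugins charon reports as loaded and pulls out the logged failure reason. The function names are hypothetical; the sample input is the config excerpt and three log lines copied from the post above.

```python
import re

# Sample input copied from the post above (config excerpt and charon.log lines).
CONF = """charon {
    load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
    multiple_authentication = no
"""
LOG = """\
Mar 31 15:29:34 00[LIB] plugin 'socket-default' failed to load: /usr/lib/ipsec/plugins/libstrongswan-socket-default.so: cannot open shared object file: No such file or directory
Mar 31 15:29:34 00[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
Mar 31 15:29:34 06[NET] no socket implementation registered, receiving failed
"""

def requested_plugins(conf_text):
    """Plugin names from the first 'load = ...' line of strongswan.conf."""
    m = re.search(r"^\s*load\s*=\s*(.+)$", conf_text, re.MULTILINE)
    return m.group(1).split() if m else []

def audit(conf_text, log_text):
    """Compare the requested load list with what charon logged at start-up."""
    requested = requested_plugins(conf_text)
    loaded, failures = [], {}
    for line in log_text.splitlines():
        m = re.search(r"\[DMN\] loaded plugins:\s*(.*)$", line)
        if m:
            loaded = m.group(1).split()  # the last start-up in the log wins
        m = re.search(r"\[LIB\] plugin '([^']+)' failed to load: (.*)$", line)
        if m:
            failures[m.group(1)] = m.group(2)
    missing = [p for p in requested if p not in loaded]
    # Without a socket plugin charon logs this for every send and receive.
    no_socket = "no socket implementation registered" in log_text
    return {"missing": missing, "failures": failures, "no_socket": no_socket}

if __name__ == "__main__":
    result = audit(CONF, LOG)
    for name in result["missing"]:
        reason = result["failures"].get(name, "no reason logged")
        print(f"requested but not loaded: {name}: {reason}")
    if result["no_socket"]:
        print("no socket implementation registered: IKE packets are not sent or received")
```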