[strongSwan] charon has unmet dependency: NONCE_GEN

Karl Hiramoto karl at hiramoto.org
Fri Aug 16 22:11:27 CEST 2013


Hi,

I can't get charon to start,  does anyone know what's missing or have a 
suggestion of what to check?


# ipsec restart
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.1.0 IPsec [starter]...
No leaks detected, 1 suppressed by whitelist


syslog:

Aug 16 21:57:42 host ipsec_starter[4497]: Starting strongSwan 5.1.0 
IPsec [starter]...
Aug 16 21:57:42 host charon[4517]: 00[DMN] Starting IKE charon daemon 
(strongSwan 5.1.0, Linux 3.9.11, x86_64)
Aug 16 21:57:42 host charon[4517]: 00[LIB] feature CUSTOM:libcharon in 
critical plugin 'charon' has unmet dependency: NONCE_GEN
Aug 16 21:57:42 host charon[4517]: 00[CFG] loading ca certificates from 
'/etc/ipsec.d/cacerts'
Aug 16 21:57:42 host charon[4517]: 00[CFG]   loaded ca certificate 
"C=ES, ST=somewhere, L=somewhere, O=Xxx, OU=Xxx, CN=xx1" from 
'/etc/ipsec.d/cacerts/strongswanCert.pem'
Aug 16 21:57:43 host charon[4517]: 00[LIB] building CRED_CERTIFICATE - 
X509 failed, tried 3 builders
Aug 16 21:57:43 host charon[4517]: 00[CFG]   loading ca certificate from 
'/etc/ipsec.d/cacerts/strongswanKey.pem' failed
Aug 16 21:57:43 host charon[4517]: 00[CFG] loading aa certificates from 
'/etc/ipsec.d/aacerts'
Aug 16 21:57:43 host charon[4517]: 00[CFG] loading ocsp signer 
certificates from '/etc/ipsec.d/ocspcerts'
Aug 16 21:57:43 host charon[4517]: 00[CFG] loading attribute 
certificates from '/etc/ipsec.d/acerts'
Aug 16 21:57:43 host charon[4517]: 00[CFG] loading crls from 
'/etc/ipsec.d/crls'
Aug 16 21:57:43 host charon[4517]: 00[CFG] loading secrets from 
'/etc/ipsec.secrets'
Aug 16 21:57:43 host charon[4517]: 00[LIB] building CRED_PRIVATE_KEY - 
RSA failed, tried 4 builders
Aug 16 21:57:43 host charon[4517]: 00[CFG]   loading private key from 
'/etc/ipsec.d/private/moonKey.pem' failed
Aug 16 21:57:43 host charon[4517]: 00[LIB] failed to load 1 critical 
plugin feature
Aug 16 21:57:43 host charon[4517]: 00[DMN] initialization failed - 
aborting charon
Aug 16 21:57:43 host ipsec_starter[4516]: charon has quit: 
initialization failed
Aug 16 21:57:43 host ipsec_starter[4516]: charon refused to be started
Aug 16 21:57:43 host ipsec_starter[4516]: ipsec starter stopped


The configuration files I'm using are:
http://www.strongswan.org/uml/testresults4/ikev2/dhcp-dynamic/index.html

I generated the pem files with the examples in the README.


I'm using gentoo linux.  compile configure ops are:
./configure --prefix=/usr --build=x86_64-pc-linux-gnu 
--host=x86_64-pc-linux-gnu --mandir=/usr/share/man 
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc 
--localstatedir=/var/lib --libdir=/usr/lib64 --disable-silent-rules 
--disable-dependency-tracking --disable-static --enable-ikev1 
--enable-ikev2 --with-capabilities=libcap --enable-curl --disable-ldap 
--enable-leak-detective --enable-eap-sim --enable-eap-sim-file 
--enable-eap-simaka-sql --enable-eap-simaka-pseudonym 
--enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 
--enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-mschapv2 
--enable-eap-radius --enable-eap-tls --enable-openssl --disable-gcrypt 
--enable-mysql --enable-sqlite --enable-dhcp --enable-farp --disable-nm 
--with-systemdsystemunitdir=/usr/lib/systemd/system --enable-attr-sql 
--enable-sql --enable-eap-gtc



Thanks,


Karl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130816/da263b5e/attachment.html>


More information about the Users mailing list