[strongSwan] charon has unmet dependency: NONCE_GEN

Andreas Steffen andreas.steffen at strongswan.org
Sat Aug 17 09:14:38 CEST 2013


Hi Karl, as the version 5 configuration file shows

http://www.strongswan.org/uml/testresults5/ikev2/dhcp-dynamic/moon.strongswan.conf

you need the nonce plugin in your charon load statement.

Regards

Andreas

On 08/16/2013 10:11 PM, Karl Hiramoto wrote:
> Hi,
> 
> I can't get charon to start,  does anyone know what's missing or have a
> suggestion of what to check?
> 
> 
> # ipsec restart
> Stopping strongSwan IPsec failed: starter is not running
> Starting strongSwan 5.1.0 IPsec [starter]...
> No leaks detected, 1 suppressed by whitelist
> 
> 
> syslog:
> 
> Aug 16 21:57:42 host ipsec_starter[4497]: Starting strongSwan 5.1.0
> IPsec [starter]...
> Aug 16 21:57:42 host charon[4517]: 00[DMN] Starting IKE charon daemon
> (strongSwan 5.1.0, Linux 3.9.11, x86_64)
> Aug 16 21:57:42 host charon[4517]: 00[LIB] feature CUSTOM:libcharon in
> critical plugin 'charon' has unmet dependency: NONCE_GEN
> Aug 16 21:57:42 host charon[4517]: 00[CFG] loading ca certificates from
> '/etc/ipsec.d/cacerts'
> Aug 16 21:57:42 host charon[4517]: 00[CFG]   loaded ca certificate
> "C=ES, ST=somewhere, L=somewhere, O=Xxx, OU=Xxx, CN=xx1" from
> '/etc/ipsec.d/cacerts/strongswanCert.pem'
> Aug 16 21:57:43 host charon[4517]: 00[LIB] building CRED_CERTIFICATE -
> X509 failed, tried 3 builders
> Aug 16 21:57:43 host charon[4517]: 00[CFG]   loading ca certificate from
> '/etc/ipsec.d/cacerts/strongswanKey.pem' failed
> Aug 16 21:57:43 host charon[4517]: 00[CFG] loading aa certificates from
> '/etc/ipsec.d/aacerts'
> Aug 16 21:57:43 host charon[4517]: 00[CFG] loading ocsp signer
> certificates from '/etc/ipsec.d/ocspcerts'
> Aug 16 21:57:43 host charon[4517]: 00[CFG] loading attribute
> certificates from '/etc/ipsec.d/acerts'
> Aug 16 21:57:43 host charon[4517]: 00[CFG] loading crls from
> '/etc/ipsec.d/crls'
> Aug 16 21:57:43 host charon[4517]: 00[CFG] loading secrets from
> '/etc/ipsec.secrets'
> Aug 16 21:57:43 host charon[4517]: 00[LIB] building CRED_PRIVATE_KEY -
> RSA failed, tried 4 builders
> Aug 16 21:57:43 host charon[4517]: 00[CFG]   loading private key from
> '/etc/ipsec.d/private/moonKey.pem' failed
> Aug 16 21:57:43 host charon[4517]: 00[LIB] failed to load 1 critical
> plugin feature
> Aug 16 21:57:43 host charon[4517]: 00[DMN] initialization failed -
> aborting charon
> Aug 16 21:57:43 host ipsec_starter[4516]: charon has quit:
> initialization failed
> Aug 16 21:57:43 host ipsec_starter[4516]: charon refused to be started
> Aug 16 21:57:43 host ipsec_starter[4516]: ipsec starter stopped
>                                                                     
> 
> The configuration files I'm using are:
> http://www.strongswan.org/uml/testresults4/ikev2/dhcp-dynamic/index.html
> 
> I generated the pem files with the examples in the README.
> 
> 
> I'm using gentoo linux.  compile configure ops are:
> ./configure --prefix=/usr --build=x86_64-pc-linux-gnu
> --host=x86_64-pc-linux-gnu --mandir=/usr/share/man
> --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
> --localstatedir=/var/lib --libdir=/usr/lib64 --disable-silent-rules
> --disable-dependency-tracking --disable-static --enable-ikev1
> --enable-ikev2 --with-capabilities=libcap --enable-curl --disable-ldap
> --enable-leak-detective --enable-eap-sim --enable-eap-sim-file
> --enable-eap-simaka-sql --enable-eap-simaka-pseudonym
> --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5
> --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-mschapv2
> --enable-eap-radius --enable-eap-tls --enable-openssl --disable-gcrypt
> --enable-mysql --enable-sqlite --enable-dhcp --enable-farp --disable-nm
> --with-systemdsystemunitdir=/usr/lib/systemd/system --enable-attr-sql
> --enable-sql --enable-eap-gtc
> 
> Thanks,

> Karl
>
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130817/231133b9/attachment.bin>


More information about the Users mailing list