[strongSwan] Pluto Setup (showing charon in syslog)

BRAGA, Bruno bruno.braga at gmail.com
Mon Jan 7 14:11:46 CET 2013


I was trying to use some examples from the StrongSwan doc, but stumbled
upon this weird behaviour... By any chance, is the daemon logged in syslog
defined as "charon" independently of which one is running?

When I turned off the charon in /etc/ipsec.conf (deleted all charon stuff
from strongswan.conf as well), still the syslog shows something like:

Jan  7 22:58:55 mac17 NetworkManager[1158]: <info> Starting VPN service 'strongswan'...
Jan  7 22:58:55 mac17 NetworkManager[1158]: <info> VPN service 'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID 13041
Jan  7 22:58:55 mac17 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
...

If I execute the service myself, I notice that the message shows pluto, not
charon:

$ sudo service ipsec start
Starting strongSwan 4.5.2 IPsec [starter]...
$ sudo service ipsec start
Starting strongSwan 4.5.2 IPsec [starter]...
pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start
starter is already running (/var/run/starter.pid exists) -- no fork done

Could it be that NetworkManager is somehow trying to force charon to
run instead?

For reference, the files:

--- /etc/ipsec.conf ---

config setup
    plutodebug=control
    charonstart=no
    plutostart=yes

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

--- /etc/strongswan.conf ---

pluto {
}

libstrongswan {
    dh_exponent_ansi_x9_42 = no
}


The complete syslog messages:

Jan  7 23:09:13 mac17 NetworkManager[1158]: <info> Starting VPN service 'strongswan'...
Jan  7 23:09:13 mac17 NetworkManager[1158]: <info> VPN service 'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID 9228
Jan  7 23:09:13 mac17 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
Jan  7 23:09:13 mac17 charon: 00[KNL] listening on interfaces:
Jan  7 23:09:13 mac17 charon: 00[KNL]   eth0
Jan  7 23:09:13 mac17 charon: 00[KNL]   wlan0
Jan  7 23:09:13 mac17 charon: 00[KNL]     192.168.1.1
Jan  7 23:09:13 mac17 charon: 00[KNL]     fe80::129a:ddff:feae:e16a
Jan  7 23:09:13 mac17 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan  7 23:09:13 mac17 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan  7 23:09:13 mac17 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan  7 23:09:13 mac17 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan  7 23:09:13 mac17 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan  7 23:09:13 mac17 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan  7 23:09:13 mac17 charon: 00[CFG]   loaded IKE secret for x.x.x.x %any
Jan  7 23:09:13 mac17 charon: 00[CFG] sql plugin: database URI not set
Jan  7 23:09:13 mac17 charon: 00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL
Jan  7 23:09:13 mac17 charon: 00[CFG] loaded 0 RADIUS server configurations
Jan  7 23:09:13 mac17 charon: 00[LIB] plugin 'medsrv' failed to load: /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared object file: No such file or directory
Jan  7 23:09:13 mac17 charon: 00[CFG] mediation client database URI not defined, skipped
Jan  7 23:09:13 mac17 charon: 00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL
Jan  7 23:09:13 mac17 NetworkManager[1158]: <info> VPN service 'strongswan' appeared; activating connections
Jan  7 23:09:13 mac17 charon: 00[CFG] HA config misses local/remote address
Jan  7 23:09:13 mac17 charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Jan  7 23:09:13 mac17 charon: 00[DMN] loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc nm dhcp led addrblock
Jan  7 23:09:13 mac17 charon: 00[JOB] spawning 16 worker threads

Thanks,

--
*Braga, Bruno*
www.brunobraga.net
bruno.braga at gmail.com
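
Added example (not part of the original post and not strongSwan code): a small Python check that compares the charonstart/plutostart switches in the "config setup" section of ipsec.conf with the program tags seen in syslog, and reports any IKE daemon that logs even though the starter is told not to launch it. The function names and the embedded sample inputs are constructed for illustration, modelled on the files and log lines quoted above.

```python
import re

# Constructed samples modelled on the files and log lines quoted in the post.
IPSEC_CONF = """\
config setup
    plutodebug=control
    charonstart=no
    plutostart=yes

conn %default
    keyexchange=ikev1
"""

SYSLOG = """\
Jan  7 23:09:13 mac17 NetworkManager[1158]: <info> Starting VPN service 'strongswan'...
Jan  7 23:09:13 mac17 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
"""

DAEMONS = ("charon", "pluto")
TAG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w-]+)(?:\[\d+\])?: ")

def starter_switches(conf_text):
    """Return {daemon: bool} from the 'config setup' section of ipsec.conf."""
    switches, in_setup = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line opens a section
            in_setup = line.split() == ["config", "setup"]
            continue
        key, _, value = (p.strip() for p in line.strip().partition("="))
        if in_setup and key.endswith("start") and key[:-5] in DAEMONS:
            switches[key[:-5]] = value.lower() == "yes"
    return switches

def daemons_logging(syslog_text):
    """Return the IKE daemon names that appear as syslog program tags."""
    tags = {m.group(1) for m in map(TAG.match, syslog_text.splitlines()) if m}
    return tags & set(DAEMONS)

def mismatches(conf_text, syslog_text):
    """Daemons that logged although ipsec.conf sets <daemon>start=no."""
    switches = starter_switches(conf_text)
    return sorted(d for d in daemons_logging(syslog_text) if switches.get(d) is False)

if __name__ == "__main__":
    print(mismatches(IPSEC_CONF, SYSLOG))
```

A non-empty result means the daemon was started by something other than the ipsec starter reading that ipsec.conf, which is the situation the post describes.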