[strongSwan] unable to load plugin eap-ttls
Andreas Steffen
andreas.steffen at strongswan.org
Fri Sep 13 19:29:24 CEST 2013
Hi,
the eap-ttls plugin requires the eap-identity plugin:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c;h=7ccbc93813c0bd4ba2879f690ed445677c66a78c;hb=HEAD#l31
since usually the true client identity is protected by the
outer TLS wrapper.
Regards
Andreas
On 13.09.2013 06:29, Far.Runner wrote:
> Hi,
> I am using strongswan 5.0.3 on ubuntu 12.04 server, and I used
> "--enable-eap-tls --enable-eap-ttls" before make. the compilation and
> installation was successful, and I could see ttls plugin has been installed:
> /usr/local/lib/ipsec/plugins$ ls -1|grep ttls
> libstrongswan-eap-ttls.a
> libstrongswan-eap-ttls.la <http://libstrongswan-eap-ttls.la>
> libstrongswan-eap-ttls.so
>
> but it seems strongswan doesn't load eap-ttls (eap-tls does got loaded)
>
> /usr/local/etc# ipsec start
> Starting strongSwan 5.0.3 IPsec [starter]...
> /usr/local/etc# ipsec statusall
> Status of IKE charon daemon (strongSwan 5.0.3, Linux 3.5.0-23-generic,
> i686):
> uptime: 10 seconds, since Sep 12 21:26:32 2013
> malloc: sbrk 135168, mmap 0, used 99880, free 35288
> worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
> loaded plugins: charon aes des sha1 sha2 md5 random nonce x509
> revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp
> xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown
> eap-tls xauth-generic
> Listening IP addresses:
> 10.0.2.15
> 10.1.1.2
> 192.168.56.111
> Connections:
> rw: 10.1.1.2...10.1.1.1 IKEv2
> rw: local: [10.1.1.2] uses pre-shared key authentication
> rw: remote: [10.1.1.1] uses pre-shared key authentication
> rw: child: dynamic === fec1::/16 TUNNEL
> Security Associations (0 up, 0 connecting):
> none
> /usr/local/etc# more strongswan.conf
> # strongswan.conf - strongSwan configuration file
>
> charon {
>
> # number of worker threads in charon
> threads = 16
>
> # send strongswan vendor ID?
> # send_vendor_id = yes
>
> plugins {
>
> sql {
> # loglevel to log into sql database
> loglevel = -1
>
> # URI to the database
> # database = sqlite:///path/to/file.db
> # database = mysql://user:password@localhost/database
> }
> }
>
> # ...
> }
>
> pluto {
>
> }
>
> libstrongswan {
>
> # set to no, the DH exponent size is optimized
> # dh_exponent_ansi_x9_42 = no
> }
>
>
> I used default strongswan.conf, Could you tell me how to load eap-ttls?
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130913/2263ddf6/attachment.bin>
More information about the Users
mailing list