[strongSwan] [strongswan] AWS to Cisco IOS - "error writing to socket: Invalid argument"

Gary Webster gary.webster at perceptivesoftware.com
Fri Aug 15 21:12:01 CEST 2014


Hello.
Thanks for the reply.

iptables is currently disabled.

AFAICT, strongswan (ipsec) IS running as root.

Earlier suspects in logs are:

loop detected while loading PUBKEY:RSA in plugin 'pem'
loop detected while loading PUBKEY:ECDSA in plugin 'pem'
feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
feature CERT_DECODE:X509 in plugin 'x509' has unmet soft dependency: PUBKEY:DSA
loop detected while loading CERT_DECODE:X509_CRL in plugin 'pem'
loop detected while loading CERT_DECODE:X509 in plugin 'pem'
feature CERT_DECODE:X509 in plugin 'openssl' has unmet soft dependency: PUBKEY:DSA
feature CUSTOM:revocation in plugin 'revocation' has unmet soft dependency: FETCHER:(null)
loop detected while loading PRIVKEY:ANY in plugin 'pem'
loop detected while loading PRIVKEY:RSA in plugin 'pem'
loop detected while loading PRIVKEY:ECDSA in plugin 'pem'
feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
loop detected while loading PUBKEY:ANY in plugin 'pem'
feature CERT_DECODE:PGP in plugin 'pem' has unmet dependency: CERT_DECODE:PGP
feature CERT_DECODE:ANY in plugin 'pem' has unmet soft dependency: CERT_DECODE:PGP
feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST
feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem' has unmet dependency: CERT_DECODE:TRUSTED_PUBKEY
loop detected while loading CONTAINER_DECODE:PKCS12 in plugin 'pem'
feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: PRIVKEY:DSA
feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: CERT_DECODE:TRUSTED_PUBKEY
unable to load 5 plugin features (5 due to unmet dependencies)
dropped capabilities, running as uid 0, gid 0
192.146.101.41 is not a local address or the interface is down
54.88.155.99 is not a local address or the interface is down
left nor right host is our side, assuming left=local


I figured these were all OK/warnings, including running as root ...

I am using IKEv1 & authby=secret, mostly from this doc:
http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html


On Fri, Aug 15, 2014 at 2:13 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:

>
> Hello,
>
> Did you ...
> Check your iptables rules?
> Check if strongSwan is running as non-root user?
> See any earlier errors in the logs?
>
> Regards,
> Noel Kuntze
>
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> Am 15.08.2014 um 20:01 schrieb Gary Webster:
> > Hello.
> > Can anyone give me a clue what to try here?
> > Thanks.
> >
> >
> > Aug 15 17:44:36 13[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
> > Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding
> > Aug 15 17:44:36 08[JOB]   watching 9 for reading
> > Aug 15 17:44:36 08[JOB]   watching 15 for reading
> > Aug 15 17:44:36 08[JOB]   watching 16 for reading
> > Aug 15 17:44:36 08[JOB] watcher going to select()
> > Aug 15 17:44:36 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
> > Aug 15 17:44:36 10[NET] error writing to socket: Invalid argument
> > Aug 15 17:44:36 07[JOB] next event in 3s 999ms, waiting
> > Aug 15 17:44:36 13[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]
> > Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding
> > Aug 15 17:44:36 08[JOB]   watching 9 for reading
> > Aug 15 17:44:36 08[JOB]   watching 15 for reading
> > Aug 15 17:44:36 08[JOB]   watching 16 for reading
> > Aug 15 17:44:36 08[JOB] watcher going to select()
> > Aug 15 17:44:40 07[JOB] got event, queuing job for execution
> > Aug 15 17:44:40 07[JOB] no events, waiting
> > Aug 15 17:44:40 15[MGR] checkout IKE_SA
> > Aug 15 17:44:40 15[MGR] IKE_SA ciscoios[1] successfully checked out
> > Aug 15 17:44:40 15[IKE] <ciscoios|1> sending retransmit 1 of request message ID 0, seq 1
> > Aug 15 17:44:40 15[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
> > Aug 15 17:44:40 15[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]
> > Aug 15 17:44:40 15[MGR] <ciscoios|1> check-in of IKE_SA successful.
> > Aug 15 17:44:40 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
> > Aug 15 17:44:40 10[NET] error writing to socket: Invalid argument
> > Aug 15 17:44:40 07[JOB] next event in 7s 199ms, waiting
> > Aug 15 17:44:47 07[JOB] got event, queuing job for execution
> > Aug 15 17:44:47 07[JOB] no events, waiting
> > Aug 15 17:44:47 06[MGR] checkout IKE_SA
> > Aug 15 17:44:47 06[MGR] IKE_SA ciscoios[1] successfully checked out
> > Aug 15 17:44:47 06[IKE] <ciscoios|1> sending retransmit 2 of request message ID 0, seq 1
> > Aug 15 17:44:47 06[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
> > Aug 15 17:44:47 06[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]
> > Aug 15 17:44:47 06[MGR] <ciscoios|1> check-in of IKE_SA successful.
> > Aug 15 17:44:47 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
> > Aug 15 17:44:47 10[NET] error writing to socket: Invalid argument
> > Aug 15 17:44:47 07[JOB] next event in 12s 959ms, waiting
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
>



-- 
Gary Webster
Software Engineer
Perceptive Software

gary.webster at perceptivesoftware.com
www.perceptivesoftware.com

+1 859 825 4149 direct
+1 913 422 7525 corporate

NOTICE: If received in error, please destroy the message and notify sender.
Sender does not waive confidentiality or privilege, and use is prohibited.
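
Added example, not part of the original messages and not strongSwan code: a small triage script for charon logs like the ones in this thread. It pairs each "error writing to socket" line with the send logged just before it on the same thread, then flags source addresses that the daemon itself reported as "not a local address". The sample lines are copied from the excerpts above; the function name `triage` and the report keys are choices made for this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log excerpts in this thread,
# with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
192.146.101.41 is not a local address or the interface is down
54.88.155.99 is not a local address or the interface is down
left nor right host is our side, assuming left=local
Aug 15 17:44:36 13[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
Aug 15 17:44:36 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
Aug 15 17:44:36 10[NET] error writing to socket: Invalid argument
Aug 15 17:44:40 15[IKE] <ciscoios|1> sending retransmit 1 of request message ID 0, seq 1
Aug 15 17:44:40 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
Aug 15 17:44:40 10[NET] error writing to socket: Invalid argument
"""

NOT_LOCAL = re.compile(r"^(\S+) is not a local address or the interface is down")
# Sender-thread line only: no <conn|id> tag and no "(N bytes)" suffix.
SEND = re.compile(r"(\d+)\[NET\] sending packet: from (\S+)\[\d+\] to (\S+)\[\d+\]$")
SOCK_ERR = re.compile(r"(\d+)\[NET\] error writing to socket: (.+)$")

def triage(log_text):
    """Pair each socket write error with the preceding send on the same thread."""
    not_local, last_send, failures = set(), {}, Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = NOT_LOCAL.match(line)
        if m:
            not_local.add(m.group(1))
            continue
        m = SEND.search(line)
        if m:
            last_send[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SOCK_ERR.search(line)
        if m and m.group(1) in last_send:
            src, dst = last_send.pop(m.group(1))
            failures[(src, dst, m.group(2))] += 1
    # A failed send whose source the daemon called non-local is the first thing to check.
    suspects = sorted({src for (src, _, _) in failures if src in not_local})
    return {"not_local": sorted(not_local), "failures": dict(failures), "suspects": suspects}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (src, dst, err), n in report["failures"].items():
        print(f"{n} failed send(s) {src} -> {dst}: {err}")
    print("source addresses reported as not local:", report["suspects"])
```
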