[strongSwan] [strongswan] AWS to Cisco IOS - "error writing to socket: Invalid argument"

Noel Kuntze noel at familie-kuntze.de
Fri Aug 15 21:27:26 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Gary,

Those errors look okay and don't cause that. Maybe the package you installed is somehow wrong.
You can try compiling strongSwan yourself and see if that works for you.
Just download the package source code and build it yourself. If you're using Debian: apt-get source <package name>

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 15.08.2014 um 21:12 schrieb Gary Webster:
> Hello.
> Thanks for the reply.
>
> iptables  is currently disabled.
>
> AFAICT, strongswan (ipsec) IS running as root.
>
> Earlier suspects in logs are:
>
> loop detected while loading PUBKEY:RSA in plugin 'pem'
> loop detected while loading PUBKEY:ECDSA in plugin 'pem'
> feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
> feature CERT_DECODE:X509 in plugin 'x509' has unmet soft dependency: PUBKEY:DSA
> loop detected while loading CERT_DECODE:X509_CRL in plugin 'pem'
> loop detected while loading CERT_DECODE:X509 in plugin 'pem'
> feature CERT_DECODE:X509 in plugin 'openssl' has unmet soft dependency: PUBKEY:DSA
> feature CUSTOM:revocation in plugin 'revocation' has unmet soft dependency: FETCHER:(null)
> loop detected while loading PRIVKEY:ANY in plugin 'pem'
> loop detected while loading PRIVKEY:RSA in plugin 'pem'
> loop detected while loading PRIVKEY:ECDSA in plugin 'pem'
> feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
> loop detected while loading PUBKEY:ANY in plugin 'pem'
> feature CERT_DECODE:PGP in plugin 'pem' has unmet dependency: CERT_DECODE:PGP
> feature CERT_DECODE:ANY in plugin 'pem' has unmet soft dependency: CERT_DECODE:PGP
> feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST
> feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem' has unmet dependency: CERT_DECODE:TRUSTED_PUBKEY
> loop detected while loading CONTAINER_DECODE:PKCS12 in plugin 'pem'
> feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: PRIVKEY:DSA
> feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: CERT_DECODE:TRUSTED_PUBKEY
> unable to load 5 plugin features (5 due to unmet dependencies)
> dropped capabilities, running as uid 0, gid 0
> 192.146.101.41 is not a local address or the interface is down
> 54.88.155.99 is not a local address or the interface is down
> left nor right host is our side, assuming left=local
>
>
> I figured these were all OK/warnings, including running as root ...
>
> I am using IKEv1 &  authby=secret  , mostly from this doc:
> http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html
>
>
> On Fri, Aug 15, 2014 at 2:13 PM, Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
>
>
> Hello,
>
> Did you ...
> Check your iptables rules?
> Check if strongSwan is running as non-root user?
> See any earlier errors in the logs?
>
> Regards,
> Noel Kuntze
>
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> Am 15.08.2014 um 20:01 schrieb Gary Webster:
> > Hello.
> > Can anyone give me a clue what to try here?
> > Thanks.
>
>
> > Aug 15 17:44:36 13[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
> > Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding
> > Aug 15 17:44:36 08[JOB]   watching 9 for reading
> > Aug 15 17:44:36 08[JOB]   watching 15 for reading
> > Aug 15 17:44:36 08[JOB]   watching 16 for reading
> > Aug 15 17:44:36 08[JOB] watcher going to select()
> > Aug 15 17:44:36 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
> > Aug 15 17:44:36 10[NET] error writing to socket: Invalid argument
> > Aug 15 17:44:36 07[JOB] next event in 3s 999ms, waiting
> > Aug 15 17:44:36 13[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]
> > Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding
> > Aug 15 17:44:36 08[JOB]   watching 9 for reading
> > Aug 15 17:44:36 08[JOB]   watching 15 for reading
> > Aug 15 17:44:36 08[JOB]   watching 16 for reading
> > Aug 15 17:44:36 08[JOB] watcher going to select()
> > Aug 15 17:44:40 07[JOB] got event, queuing job for execution
> > Aug 15 17:44:40 07[JOB] no events, waiting
> > Aug 15 17:44:40 15[MGR] checkout IKE_SA
> > Aug 15 17:44:40 15[MGR] IKE_SA ciscoios[1] successfully checked out
> > Aug 15 17:44:40 15[IKE] <ciscoios|1> sending retransmit 1 of request message ID 0, seq 1
> > Aug 15 17:44:40 15[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
> > Aug 15 17:44:40 15[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]
> > Aug 15 17:44:40 15[MGR] <ciscoios|1> check-in of IKE_SA successful.
> > Aug 15 17:44:40 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
> > Aug 15 17:44:40 10[NET] error writing to socket: Invalid argument
> > Aug 15 17:44:40 07[JOB] next event in 7s 199ms, waiting
> > Aug 15 17:44:47 07[JOB] got event, queuing job for execution
> > Aug 15 17:44:47 07[JOB] no events, waiting
> > Aug 15 17:44:47 06[MGR] checkout IKE_SA
> > Aug 15 17:44:47 06[MGR] IKE_SA ciscoios[1] successfully checked out
> > Aug 15 17:44:47 06[IKE] <ciscoios|1> sending retransmit 2 of request message ID 0, seq 1
> > Aug 15 17:44:47 06[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)
> > Aug 15 17:44:47 06[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]
> > Aug 15 17:44:47 06[MGR] <ciscoios|1> check-in of IKE_SA successful.
> > Aug 15 17:44:47 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]
> > Aug 15 17:44:47 10[NET] error writing to socket: Invalid argument
> > Aug 15 17:44:47 07[JOB] next event in 12s 959ms, waiting
>
>
>
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
> > https://lists.strongswan.org/mailman/listinfo/users
>
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>     https://lists.strongswan.org/mailman/listinfo/users
>
>
>
>
> --
> Gary Webster
> Software Engineer
> Perceptive Software
>
> gary.webster at perceptivesoftware.com <mailto:gary.webster at perceptivesoftware.com>
> www.perceptivesoftware.com <http://www.perceptivesoftware.com/>
>
> +1 859 825 4149 direct
> +1 913 422 7525 corporate
>
> NOTICE: If received in error, please destroy the message and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJT7l8eAAoJEDg5KY9j7GZYs6wP/2ZVI1cQzJbYdO0lJFwAQ0YF
2iK/9nOZQAuQ9oeSP1vzTdZ/FsQOekFgOdMAc2PtOkNUezZZ5uo5Il0A3+Bwb59P
0skxd0j1FOXWuzEwqYSt1UJVMwImX3YcpohnuaQUO1UOK+qDbZTkhovrQI1X9h29
74WFAPwVvr8c+tbFGujV52sOEAIjTrGyMyNaSGTZcCDtJR4eG/aSd2xcpa7PVLyW
tRd15jykSch7yArsIu1q1Pjskq1vngZ+vByL59RB3FPJn/+WRm0hbq/L8QPK+Oq5
pgCVos1Wg1qzCwLtOzTEmPpDojg9EshAtNNGvs60P5AuLbpttPoFhEu2qUznMgtN
vuOzJTsYlAak8XRH72R9aWSJsoY6u8YTe/gXXAXnXqH4uasAA19odGg159+tT+X5
rbkdY53qAu2GC5wJil1gNO983CFNqwEstqSZdy8fEzmTFCY2uPvScN/demmIn67q
0wVgEx5/lp4wWvj/GsI/mNCD68TUNPvL4Lmx6UYyKWM6EZ6Yw/zT2i6/PZMIWRb3
E6aLtUsaufOwb7yd19i3rijgBlYtSmUcZjlwCLJHKg3qIloS8/3aIgxW3xyWcNiR
4kHxVtNS6j8XfZIs5du5k4CylSzJGEqNkVIK20Yxhrn3H7504Q6QefHtAGXlkbw5
VYInYcy+8WxwBbcWHBkF
=snV7
-----END PGP SIGNATURE-----



More information about the Users mailing list