[strongSwan] [Strongswan] no config named 'client'

amysue.z at gmail.com amysue.z at gmail.com
Tue Aug 19 05:19:59 CEST 2014


below is the strongswan log:

00[DMN] signal of type SIGINT received. Shutting down
Aug 19 08:41:39 PCSWAN3 charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.0.2, Linux 2.6.18-348.1.1.el5, i686)
Aug 19 08:41:39 PCSWAN3 charon: 00[KNL] unable to set UDP_ENCAP: Protocol
not available
Aug 19 08:41:39 PCSWAN3 charon: 00[NET] enabling UDP decapsulation for IPv6
on port 4500 failed
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loaded 0 RADIUS server
configurations
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading ocsp signer certificates
from '/usr/local/etc/ipsec.d/ocspcerts'
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Aug 19 08:41:39 PCSWAN3 charon: 00[LIB]   opening
'/usr/local/etc/ipsec.d/private/myKey.der' failed: No such file or
directory
Aug 19 08:41:39 PCSWAN3 charon: 00[LIB] building CRED_PRIVATE_KEY - RSA
failed, tried 6 builders
Aug 19 08:41:39 PCSWAN3 charon: 00[CFG]   loading private key from
'/usr/local/etc/ipsec.d/private/myKey.der' failed
Aug 19 08:41:39 PCSWAN3 charon: 00[DMN] loaded plugins: charon aes des sha1
sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp
dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
socket-default stroke updown eap-md5 eap-radius xauth-generic
Aug 19 08:41:39 PCSWAN3 charon: 00[JOB] spawning 16 worker threads
Aug 19 08:41:43 PCSWAN3 charon: 05[CFG] received stroke: initiate 'client'
Aug 19 08:41:43 PCSWAN3 charon: 05[CFG] no config named 'client'



2014-08-19 11:18 GMT+08:00 <amysue.z at gmail.com>:

> Hi Noel,
>
> I have checked the strongswan logs at /var/log/messages, and I found that
> it load the conf directory  /usr/loca/etc, while I put all my conf files at
> /etc, which I think cause my problem.
> Is there any way that I can change the conf directory to /etc.
>
> Thanks,
>
>
> 2014-08-18 21:16 GMT+08:00 Noel Kuntze <noel at familie-kuntze.de>:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello Amysue
>>
>> Please refer to [2] for a how-to for installing strongSwan.
>> Please note that some modules that could be necessary for your setup
>> need to be compiled by giving the corresponding parameters to ./configure.
>>
>> Regards,
>> Noel Kuntze
>>
>> GPG Key id: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> Am 18.08.2014 um 15:12 schrieb amysue.z at gmail.com:
>> > I also want to know are there any special configurations to install
>> strongswan for ikev2 mobike?
>> >
>> > For install strongswan to my pc, I just
>> > /./configure/
>> > /make/
>> > /make install/
>> > /
>> > /
>> > Thanks,
>> >
>> >
>> > 2014-08-18 21:08 GMT+08:00 <amysue.z at gmail.com <mailto:
>> amysue.z at gmail.com>>:
>> >
>> >     Hi Noel,
>> >     The output of "ipsec statusall" is
>> >     /Status of IKE charon daemon (strongSwan 5.0.2, Linux
>> 2.6.18-348.1.1.el5, i686):/
>> >     /  uptime: 14 minutes, since Aug 18 18:21:46 2014/
>> >     /  malloc: sbrk 135168, mmap 0, used 86616, free 48552/
>> >     /  worker threads: 8 of 16 idle, 7/1/0/0 working, job queue:
>> 0/0/0/0, scheduled: 0/
>> >     /  loaded plugins: charon aes des sha1 sha2 md5 random nonce x509
>> revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc
>> cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-md5
>> eap-radius xauth-generic/
>> >     /Listening IP addresses:/
>> >     /  192.168.2.6/
>> >     /  12.12.1.203/
>> >     /Connections:/
>> >     /Security Associations (0 up, 0 connecting):/
>> >     /  none/
>> >
>> >     And, how do I  enable logging[1] ? I don't use strongswan much, So
>> it feel difficult for me.
>> >     Thank you again for your help
>> >
>> >
>> >
>> >     2014-08-18 21:02 GMT+08:00 Noel Kuntze <noel at familie-kuntze.de
>> <mailto:noel at familie-kuntze.de>>:
>> >
>> > Hello,
>> >
>> > Check your system log for errors and show us the output of "ipsec
>> statusall".
>> > Sometimes, it takes a couple of seconds for the daemon to load the
>> configuration. Waiting a bit can help in this case.
>> > The reason for this is, that all the ipsec commands are asynchronous.
>> > If the configuration isn't loaded for a couple of seconds, please
>> enable logging[1].
>> > StrongSwan can handle Mobike. It's a daemon thing, not a kernel thing.
>> >
>> > [1]
>> https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
>> >
>> > Regards,
>> > Noel Kuntze
>> >
>> > GPG Key id: 0x63EC6658
>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> >
>> > Am 18.08.2014 um 14:56 schrieb amysue.z at gmail.com <mailto:
>> amysue.z at gmail.com>:
>> >> Hello,
>> >
>> >> My OS is centos 5.9 and i have installed Linux strongSwan
>> U5.0.2/K2.6.18-348.1.1.el5.
>> >> After installation,i start strongswan:
>> >> ipsec start
>> >> then i up an connection:
>> >> ipsec up client
>> >> then I get an error:*no config named 'client'*
>> >> Actually, I define an connection in /etc/ipsec.conf.
>> >
>> >> Below is my /etc/ipsec.conf
>> >
>> >> /config setup/
>> >> /    strictcrlpolicy=no/
>> >> /    charonstart=yes/
>> >> /
>> >> /
>> >> /conn %default/
>> >> /    ikelifetime=28800s/
>> >> /    keylife=28800s/
>> >> /    rekeymargin=3m/
>> >> /    keyingtries=3/
>> >> /    keyexchange=ikev2/
>> >> /    ike=3des-sha1-modp1024/
>> >> /    esp=3des-sha1/
>> >> /
>> >> /
>> >> /conn client/
>> >> /    left=12.12.1.203/ <http://12.12.1.203/>
>> >> /    leftsourceip=%config/
>> >> /    leftcert=client1_cert.pem/
>> >> /    leftid="/C=CN/ST=SH/O=CS/CN=IKEv2_Client1"/
>> >> /    right=11.11.11.200/ <http://11.11.11.200/>
>> >> /    rightid="/C=CN/ST=SH/O=CS/CN=11.11.11.200"/
>> >> /    rightsubnet=192.168.168.0/24 <http://192.168.168.0/24> <
>> http://192.168.168.0/24>/
>> >> /    auto=add/
>> >> /
>> >> /
>> >> I have no idea what to do now, I really need your help, any one could
>> help me?
>> >>  Thank you very much
>> >
>> >
>> >
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>> >> https://lists.strongswan.org/mailman/listinfo/users
>> >
>> >         _______________________________________________
>> >         Users mailing list
>> >         Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>> >         https://lists.strongswan.org/mailman/listinfo/users
>> >
>> >
>> >
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>>
>> iQIcBAEBAgAGBQJT8fycAAoJEDg5KY9j7GZYpTcP/iukAF34z42AVNwxbTo3Ow8t
>> +aNESIoYH+8VLpQM2ZKLt3GNd9Ni4TqQkn3pz2+R21jx+2x1vSqhtfUa8UjxsXsl
>> UNfmOzAjw9eNFiR8XvtmD/oMJecitea++l0zQKKwoUEWujvrk+ADf48/ixMEVkxN
>> h99mC5qkvo878regENvBwn6nRgnT13n2wlIDE/WHyLCCcQWol3DJifYU/acUYWIj
>> ixn+LLeIOz6xJdCWMj914KeRo/P+cmhoUx/su4+DRtIE3oIO0scYVsjkewIBBBy/
>> l8TZ3+jn+CeQ/OvmiJHVhoMhUTN2cjUw/CKOQsiD1Mzke3S/ZgE0VghKQEKYFJnF
>> r09O2D7ML0gf8p5F0psXYf7Z3Md8Hyma9X8CJleZ+UZbciVPshW2eniDUGOTX9F1
>> dalsDT9IuIAeeTYFqXG1Hpu70adbBdOtMStNiFms4qp09YU5lya1PDHiW6OJQJzk
>> qLd/4p0XU11M7FIlX77EY+erzqa0ocTX/anhU4d8kaHj/yscjs+jCut3h3yMh1Wr
>> jZMmSd2Sya+y7mVWGJZM6J881oKmWBOZnxAbUz8GWVqS0YrL5xONZflCXcJ7AlM6
>> rsdomGi69E7uOUeoS2Ophik+KPFU3z1YXPekwoZ1G5lpGO3AcPR1k6JlG0kc5kPU
>> LeKodA7uufdB3uaXDmo/
>> =v2BP
>> -----END PGP SIGNATURE-----
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140819/c61c1eb1/attachment.html>


More information about the Users mailing list