[strongSwan] [Strongswan] no config named 'client'
Andreas Steffen
andreas.steffen at strongswan.org
Tue Aug 19 07:28:47 CEST 2014
Hello Amysu,
go into the strongswan source directory and execute
make clean
./configure --sysconfdir=/etc <any other options>
make
make install
and the path pointing to the configuration files is changed from
/usr/local/etc to /etc. If you want you to clean up you can remove
the old configuration files:
cd /usr/local/etc
rm -r ipsec.d swanctl ipsec.secrets ipsec.conf strongswan.conf
Best regards
Andreas
On 08/19/2014 07:02 AM, amysue.z at gmail.com wrote:
> Hello Andreas,
>
> I have installed strongswan, how can change the sysconfdir, should I
> uninstall it first? I don't know how to uninstall strongswan?
>
> Thanks for your help
>
>
> 2014-08-19 12:36 GMT+08:00 Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>:
>
> Hello Amysue,
>
> you have to build strongSwan with
>
> ./configure --sysconfdir=/etc
>
> Regards
>
> Andreas
>
> On 08/19/2014 05:18 AM, amysue.z at gmail.com
> <mailto:amysue.z at gmail.com> wrote:
> > Hi Noel,
> >
> > I have checked the strongswan logs at /var/log/messages, and I found
> > that it load the conf directory /usr/loca/etc, while I put all my
> conf
> > files at /etc, which I think cause my problem.
> > Is there any way that I can change the conf directory to /etc.
> >
> > Thanks,
> >
> >
> > 2014-08-18 21:16 GMT+08:00 Noel Kuntze <noel at familie-kuntze.de
> <mailto:noel at familie-kuntze.de>
> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>>:
> >
> > Hello Amysue
> >
> > Please refer to [2] for a how-to for installing strongSwan.
> > Please note that some modules that could be necessary for your setup
> > need to be compiled by giving the corresponding parameters to
> > ./configure.
> >
> > Regards,
> > Noel Kuntze
> >
> > GPG Key id: 0x63EC6658
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> > Am 18.08.2014 um 15:12 schrieb amysue.z at gmail.com
> <mailto:amysue.z at gmail.com>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>:
> >> I also want to know are there any special configurations to
> > install strongswan for ikev2 mobike?
> >
> >> For install strongswan to my pc, I just
> >> /./configure/
> >> /make/
> >> /make install/
> >> /
> >> /
> >> Thanks,
> >
> >
> >> 2014-08-18 21:08 GMT+08:00 <amysue.z at gmail.com
> <mailto:amysue.z at gmail.com>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>
> <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>>>:
> >
> >> Hi Noel,
> >> The output of "ipsec statusall" is
> >> /Status of IKE charon daemon (strongSwan 5.0.2, Linux
> > 2.6.18-348.1.1.el5, i686):/
> >> / uptime: 14 minutes, since Aug 18 18:21:46 2014/
> >> / malloc: sbrk 135168, mmap 0, used 86616, free 48552/
> >> / worker threads: 8 of 16 idle, 7/1/0/0 working, job queue:
> > 0/0/0/0, scheduled: 0/
> >> / loaded plugins: charon aes des sha1 sha2 md5 random nonce
> > x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem
> > fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
> > socket-default stroke updown eap-md5 eap-radius xauth-generic/
> >> /Listening IP addresses:/
> >> / 192.168.2.6/ <http://192.168.2.6/> <http://192.168.2.6/>
> >> / 12.12.1.203/ <http://12.12.1.203/> <http://12.12.1.203/>
> >> /Connections:/
> >> /Security Associations (0 up, 0 connecting):/
> >> / none/
> >
> >> And, how do I enable logging[1] ? I don't use strongswan
> > much, So it feel difficult for me.
> >> Thank you again for your help
> >
> >
> >
> >> 2014-08-18 21:02 GMT+08:00 Noel Kuntze
> <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>
> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>
> <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>
> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>>>:
> >
> >> Hello,
> >
> >> Check your system log for errors and show us the output of "ipsec
> > statusall".
> >> Sometimes, it takes a couple of seconds for the daemon to load the
> > configuration. Waiting a bit can help in this case.
> >> The reason for this is, that all the ipsec commands are asynchronous.
> >> If the configuration isn't loaded for a couple of seconds, please
> > enable logging[1].
> >> StrongSwan can handle Mobike. It's a daemon thing, not a kernel
> thing.
> >
> >> [1]
> >
> https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
> >
> >> Regards,
> >> Noel Kuntze
> >
> >> GPG Key id: 0x63EC6658
> >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> >> Am 18.08.2014 um 14:56 schrieb amysue.z at gmail.com
> <mailto:amysue.z at gmail.com>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>
> <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>>:
> >>> Hello,
> >
> >>> My OS is centos 5.9 and i have installed Linux strongSwan
> > U5.0.2/K2.6.18-348.1.1.el5.
> >>> After installation,i start strongswan:
> >>> ipsec start
> >>> then i up an connection:
> >>> ipsec up client
> >>> then I get an error:*no config named 'client'*
> >>> Actually, I define an connection in /etc/ipsec.conf.
> >
> >>> Below is my /etc/ipsec.conf
> >
> >>> /config setup/
> >>> / strictcrlpolicy=no/
> >>> / charonstart=yes/
> >>> /
> >>> /
> >>> /conn %default/
> >>> / ikelifetime=28800s/
> >>> / keylife=28800s/
> >>> / rekeymargin=3m/
> >>> / keyingtries=3/
> >>> / keyexchange=ikev2/
> >>> / ike=3des-sha1-modp1024/
> >>> / esp=3des-sha1/
> >>> /
> >>> /
> >>> /conn client/
> >>> / left=12.12.1.203/ <http://12.12.1.203/>
> <http://12.12.1.203/> <http://12.12.1.203/>
> >>> / leftsourceip=%config/
> >>> / leftcert=client1_cert.pem/
> >>> / leftid="/C=CN/ST=SH/O=CS/CN=IKEv2_Client1"/
> >>> / right=11.11.11.200/ <http://11.11.11.200/>
> <http://11.11.11.200/>
> > <http://11.11.11.200/>
> >>> / rightid="/C=CN/ST=SH/O=CS/CN=11.11.11.200"/
> >>> / rightsubnet=192.168.168.0/24 <http://192.168.168.0/24>
> <http://192.168.168.0/24>
> > <http://192.168.168.0/24> <http://192.168.168.0/24>/
> >>> / auto=add/
> >>> /
> >>> /
> >>> I have no idea what to do now, I really need your help, any one
> > could help me?
> >>> Thank you very much
> >
>
> ======================================================================
> Andreas Steffen
> andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>
> strongSwan - the Open Source VPN Solution!
> www.strongswan.org <http://www.strongswan.org>
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140819/7a74697a/attachment-0001.bin>
More information about the Users
mailing list