[strongSwan] [Strongswan] no config named 'client'
Noel Kuntze
noel at familie-kuntze.de
Tue Aug 19 08:57:47 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Amysu, Hello Andreas,
I think you should always "make uninstall", before you run "make clean" or install strongSwan with another --bindir or other directory.
Otherwise you'll end up with files all over the place.
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 19.08.2014 um 07:28 schrieb Andreas Steffen:
> Hello Amysu,
>
> go into the strongswan source directory and execute
>
> make clean
> ./configure --sysconfdir=/etc <any other options>
> make
> make install
>
> and the path pointing to the configuration files is changed from
> /usr/local/etc to /etc. If you want you to clean up you can remove
> the old configuration files:
>
> cd /usr/local/etc
> rm -r ipsec.d swanctl ipsec.secrets ipsec.conf strongswan.conf
>
> Best regards
>
> Andreas
>
> On 08/19/2014 07:02 AM, amysue.z at gmail.com wrote:
>> Hello Andreas,
>>
>> I have installed strongswan, how can change the sysconfdir, should I
>> uninstall it first? I don't know how to uninstall strongswan?
>>
>> Thanks for your help
>>
>>
>> 2014-08-19 12:36 GMT+08:00 Andreas Steffen
>> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>:
>>
>> Hello Amysue,
>>
>> you have to build strongSwan with
>>
>> ./configure --sysconfdir=/etc
>>
>> Regards
>>
>> Andreas
>>
>> On 08/19/2014 05:18 AM, amysue.z at gmail.com
>> <mailto:amysue.z at gmail.com> wrote:
>> > Hi Noel,
>> >
>> > I have checked the strongswan logs at /var/log/messages, and I found
>> > that it load the conf directory /usr/loca/etc, while I put all my
>> conf
>> > files at /etc, which I think cause my problem.
>> > Is there any way that I can change the conf directory to /etc.
>> >
>> > Thanks,
>> >
>> >
>> > 2014-08-18 21:16 GMT+08:00 Noel Kuntze <noel at familie-kuntze.de
>> <mailto:noel at familie-kuntze.de>
>> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>>:
>> >
>> > Hello Amysue
>> >
>> > Please refer to [2] for a how-to for installing strongSwan.
>> > Please note that some modules that could be necessary for your setup
>> > need to be compiled by giving the corresponding parameters to
>> > ./configure.
>> >
>> > Regards,
>> > Noel Kuntze
>> >
>> > GPG Key id: 0x63EC6658
>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> >
>> > Am 18.08.2014 um 15:12 schrieb amysue.z at gmail.com
>> <mailto:amysue.z at gmail.com>
>> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>:
>> >> I also want to know are there any special configurations to
>> > install strongswan for ikev2 mobike?
>> >
>> >> For install strongswan to my pc, I just
>> >> /./configure/
>> >> /make/
>> >> /make install/
>> >> /
>> >> /
>> >> Thanks,
>> >
>> >
>> >> 2014-08-18 21:08 GMT+08:00 <amysue.z at gmail.com
>> <mailto:amysue.z at gmail.com>
>> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>
>> <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>
>> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>>>:
>> >
>> >> Hi Noel,
>> >> The output of "ipsec statusall" is
>> >> /Status of IKE charon daemon (strongSwan 5.0.2, Linux
>> > 2.6.18-348.1.1.el5, i686):/
>> >> / uptime: 14 minutes, since Aug 18 18:21:46 2014/
>> >> / malloc: sbrk 135168, mmap 0, used 86616, free 48552/
>> >> / worker threads: 8 of 16 idle, 7/1/0/0 working, job queue:
>> > 0/0/0/0, scheduled: 0/
>> >> / loaded plugins: charon aes des sha1 sha2 md5 random nonce
>> > x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem
>> > fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
>> > socket-default stroke updown eap-md5 eap-radius xauth-generic/
>> >> /Listening IP addresses:/
>> >> / 192.168.2.6/ <http://192.168.2.6/> <http://192.168.2.6/>
>> >> / 12.12.1.203/ <http://12.12.1.203/> <http://12.12.1.203/>
>> >> /Connections:/
>> >> /Security Associations (0 up, 0 connecting):/
>> >> / none/
>> >
>> >> And, how do I enable logging[1] ? I don't use strongswan
>> > much, So it feel difficult for me.
>> >> Thank you again for your help
>> >
>> >
>> >
>> >> 2014-08-18 21:02 GMT+08:00 Noel Kuntze
>> <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>
>> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>
>> <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>
>> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>>>:
>> >
>> >> Hello,
>> >
>> >> Check your system log for errors and show us the output of "ipsec
>> > statusall".
>> >> Sometimes, it takes a couple of seconds for the daemon to load the
>> > configuration. Waiting a bit can help in this case.
>> >> The reason for this is, that all the ipsec commands are asynchronous.
>> >> If the configuration isn't loaded for a couple of seconds, please
>> > enable logging[1].
>> >> StrongSwan can handle Mobike. It's a daemon thing, not a kernel
>> thing.
>> >
>> >> [1]
>> >
>> https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
>> >
>> >> Regards,
>> >> Noel Kuntze
>> >
>> >> GPG Key id: 0x63EC6658
>> >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> >
>> >> Am 18.08.2014 um 14:56 schrieb amysue.z at gmail.com
>> <mailto:amysue.z at gmail.com>
>> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>
>> <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>
>> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>>:
>> >>> Hello,
>> >
>> >>> My OS is centos 5.9 and i have installed Linux strongSwan
>> > U5.0.2/K2.6.18-348.1.1.el5.
>> >>> After installation,i start strongswan:
>> >>> ipsec start
>> >>> then i up an connection:
>> >>> ipsec up client
>> >>> then I get an error:*no config named 'client'*
>> >>> Actually, I define an connection in /etc/ipsec.conf.
>> >
>> >>> Below is my /etc/ipsec.conf
>> >
>> >>> /config setup/
>> >>> / strictcrlpolicy=no/
>> >>> / charonstart=yes/
>> >>> /
>> >>> /
>> >>> /conn %default/
>> >>> / ikelifetime=28800s/
>> >>> / keylife=28800s/
>> >>> / rekeymargin=3m/
>> >>> / keyingtries=3/
>> >>> / keyexchange=ikev2/
>> >>> / ike=3des-sha1-modp1024/
>> >>> / esp=3des-sha1/
>> >>> /
>> >>> /
>> >>> /conn client/
>> >>> / left=12.12.1.203/ <http://12.12.1.203/>
>> <http://12.12.1.203/> <http://12.12.1.203/>
>> >>> / leftsourceip=%config/
>> >>> / leftcert=client1_cert.pem/
>> >>> / leftid="/C=CN/ST=SH/O=CS/CN=IKEv2_Client1"/
>> >>> / right=11.11.11.200/ <http://11.11.11.200/>
>> <http://11.11.11.200/>
>> > <http://11.11.11.200/>
>> >>> / rightid="/C=CN/ST=SH/O=CS/CN=11.11.11.200"/
>> >>> / rightsubnet=192.168.168.0/24 <http://192.168.168.0/24>
>> <http://192.168.168.0/24>
>> > <http://192.168.168.0/24> <http://192.168.168.0/24>/
>> >>> / auto=add/
>> >>> /
>> >>> /
>> >>> I have no idea what to do now, I really need your help, any one
>> > could help me?
>> >>> Thank you very much
>> >
>>
>> ======================================================================
>> Andreas Steffen
>> andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>
>> strongSwan - the Open Source VPN Solution!
>> www.strongswan.org <http://www.strongswan.org>
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJT8vVqAAoJEDg5KY9j7GZYJMwP/jyVVAKKSktieQpiN3C9j1MT
kzexEFHJ+V98pL69QhidyEhRQMtWGivZlw3tEraR/9eOj6gvNipXHZeVtGgLsWfU
3ovXZGTzjpD0qac7lIB2zVw/aypkx3VD1B1UEKjtwxdtqHE+ao2zGcbY84UZ9WIk
qmjNhcuIWl3d4UPwq8dlUu9aKHbJBHK+r5nZDp6eKMtcPqguAsOCRcxMmm7qO3o/
2xriAFHzUBrnprQHAmSKZM08jxXsStgeEugLsw6Aq595kCNYKccWyJ64nGOPw++f
Fk3AV4jaBz0CYg5QqGoOQ5+b4NggNKBCFJzNd7lVUg/SVL5wJA6hnUCRHzb/h4pd
7m5ijUzOoFFq5WFfxKPA9Amqw2eBeeToMngifj5bpaXVHgDn16KMp6BEuLYe9DZ5
1TSQRUjdN6XrqUgwlFJuLea2IpT/tvd0OpqtwUUx77vct4LjhAzF1rL7i4BYOoq9
5bNUlxUvUFrU+9SDKjIgYaKPXOt1l4NGjigAB1wSx7Z7mSHBWqgoBYMt2V0sbKX5
GZrXakRuthUXf9dHlctOLCRgij69HjrmitK1u3DLlUA97AGHBWZgpf4utrWRer2d
sY22bT83q3yHQMZCSUSpgzL/zfa+6IS6PdQUhert+zTY9YxcwCVErFqIU3afN3Z7
i9GyCE+5b0bfDhbUPCEy
=yqqK
-----END PGP SIGNATURE-----
More information about the Users
mailing list