[strongSwan] [Strongswan] no config named 'client'
amysue.z at gmail.com
amysue.z at gmail.com
Tue Aug 19 09:18:31 CEST 2014
Hi Noel, Andreas
Now my strongswan is working well now.
Thank you verry much!
2014-08-19 13:28 GMT+08:00 Andreas Steffen <andreas.steffen at strongswan.org>:
> Hello Amysu,
>
> go into the strongswan source directory and execute
>
> make clean
> ./configure --sysconfdir=/etc <any other options>
> make
> make install
>
> and the path pointing to the configuration files is changed from
> /usr/local/etc to /etc. If you want you to clean up you can remove
> the old configuration files:
>
> cd /usr/local/etc
> rm -r ipsec.d swanctl ipsec.secrets ipsec.conf strongswan.conf
>
> Best regards
>
> Andreas
>
> On 08/19/2014 07:02 AM, amysue.z at gmail.com wrote:
> > Hello Andreas,
> >
> > I have installed strongswan, how can change the sysconfdir, should I
> > uninstall it first? I don't know how to uninstall strongswan?
> >
> > Thanks for your help
> >
> >
> > 2014-08-19 12:36 GMT+08:00 Andreas Steffen
> > <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org
> >>:
> >
> > Hello Amysue,
> >
> > you have to build strongSwan with
> >
> > ./configure --sysconfdir=/etc
> >
> > Regards
> >
> > Andreas
> >
> > On 08/19/2014 05:18 AM, amysue.z at gmail.com
> > <mailto:amysue.z at gmail.com> wrote:
> > > Hi Noel,
> > >
> > > I have checked the strongswan logs at /var/log/messages, and I
> found
> > > that it load the conf directory /usr/loca/etc, while I put all my
> > conf
> > > files at /etc, which I think cause my problem.
> > > Is there any way that I can change the conf directory to /etc.
> > >
> > > Thanks,
> > >
> > >
> > > 2014-08-18 21:16 GMT+08:00 Noel Kuntze <noel at familie-kuntze.de
> > <mailto:noel at familie-kuntze.de>
> > > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>>:
> > >
> > > Hello Amysue
> > >
> > > Please refer to [2] for a how-to for installing strongSwan.
> > > Please note that some modules that could be necessary for your
> setup
> > > need to be compiled by giving the corresponding parameters to
> > > ./configure.
> > >
> > > Regards,
> > > Noel Kuntze
> > >
> > > GPG Key id: 0x63EC6658
> > > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> > >
> > > Am 18.08.2014 um 15:12 schrieb amysue.z at gmail.com
> > <mailto:amysue.z at gmail.com>
> > > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>:
> > >> I also want to know are there any special configurations to
> > > install strongswan for ikev2 mobike?
> > >
> > >> For install strongswan to my pc, I just
> > >> /./configure/
> > >> /make/
> > >> /make install/
> > >> /
> > >> /
> > >> Thanks,
> > >
> > >
> > >> 2014-08-18 21:08 GMT+08:00 <amysue.z at gmail.com
> > <mailto:amysue.z at gmail.com>
> > > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>
> > > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>>>:
> > >
> > >> Hi Noel,
> > >> The output of "ipsec statusall" is
> > >> /Status of IKE charon daemon (strongSwan 5.0.2, Linux
> > > 2.6.18-348.1.1.el5, i686):/
> > >> / uptime: 14 minutes, since Aug 18 18:21:46 2014/
> > >> / malloc: sbrk 135168, mmap 0, used 86616, free 48552/
> > >> / worker threads: 8 of 16 idle, 7/1/0/0 working, job queue:
> > > 0/0/0/0, scheduled: 0/
> > >> / loaded plugins: charon aes des sha1 sha2 md5 random nonce
> > > x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem
> > > fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
> > > socket-default stroke updown eap-md5 eap-radius xauth-generic/
> > >> /Listening IP addresses:/
> > >> / 192.168.2.6/ <http://192.168.2.6/> <http://192.168.2.6/>
> > >> / 12.12.1.203/ <http://12.12.1.203/> <http://12.12.1.203/>
> > >> /Connections:/
> > >> /Security Associations (0 up, 0 connecting):/
> > >> / none/
> > >
> > >> And, how do I enable logging[1] ? I don't use strongswan
> > > much, So it feel difficult for me.
> > >> Thank you again for your help
> > >
> > >
> > >
> > >> 2014-08-18 21:02 GMT+08:00 Noel Kuntze
> > <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>
> > > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>
> > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>
> > > <mailto:noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>>>>:
> > >
> > >> Hello,
> > >
> > >> Check your system log for errors and show us the output of "ipsec
> > > statusall".
> > >> Sometimes, it takes a couple of seconds for the daemon to load the
> > > configuration. Waiting a bit can help in this case.
> > >> The reason for this is, that all the ipsec commands are
> asynchronous.
> > >> If the configuration isn't loaded for a couple of seconds, please
> > > enable logging[1].
> > >> StrongSwan can handle Mobike. It's a daemon thing, not a kernel
> > thing.
> > >
> > >> [1]
> > >
> >
> https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
> > >
> > >> Regards,
> > >> Noel Kuntze
> > >
> > >> GPG Key id: 0x63EC6658
> > >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> > >
> > >> Am 18.08.2014 um 14:56 schrieb amysue.z at gmail.com
> > <mailto:amysue.z at gmail.com>
> > > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>
> > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>
> > > <mailto:amysue.z at gmail.com <mailto:amysue.z at gmail.com>>>:
> > >>> Hello,
> > >
> > >>> My OS is centos 5.9 and i have installed Linux strongSwan
> > > U5.0.2/K2.6.18-348.1.1.el5.
> > >>> After installation,i start strongswan:
> > >>> ipsec start
> > >>> then i up an connection:
> > >>> ipsec up client
> > >>> then I get an error:*no config named 'client'*
> > >>> Actually, I define an connection in /etc/ipsec.conf.
> > >
> > >>> Below is my /etc/ipsec.conf
> > >
> > >>> /config setup/
> > >>> / strictcrlpolicy=no/
> > >>> / charonstart=yes/
> > >>> /
> > >>> /
> > >>> /conn %default/
> > >>> / ikelifetime=28800s/
> > >>> / keylife=28800s/
> > >>> / rekeymargin=3m/
> > >>> / keyingtries=3/
> > >>> / keyexchange=ikev2/
> > >>> / ike=3des-sha1-modp1024/
> > >>> / esp=3des-sha1/
> > >>> /
> > >>> /
> > >>> /conn client/
> > >>> / left=12.12.1.203/ <http://12.12.1.203/>
> > <http://12.12.1.203/> <http://12.12.1.203/>
> > >>> / leftsourceip=%config/
> > >>> / leftcert=client1_cert.pem/
> > >>> / leftid="/C=CN/ST=SH/O=CS/CN=IKEv2_Client1"/
> > >>> / right=11.11.11.200/ <http://11.11.11.200/>
> > <http://11.11.11.200/>
> > > <http://11.11.11.200/>
> > >>> / rightid="/C=CN/ST=SH/O=CS/CN=11.11.11.200"/
> > >>> / rightsubnet=192.168.168.0/24 <http://192.168.168.0/24>
> > <http://192.168.168.0/24>
> > > <http://192.168.168.0/24> <http://192.168.168.0/24>/
> > >>> / auto=add/
> > >>> /
> > >>> /
> > >>> I have no idea what to do now, I really need your help, any one
> > > could help me?
> > >>> Thank you very much
> > >
> >
> >
> ======================================================================
> > Andreas Steffen
> > andreas.steffen at strongswan.org <mailto:
> andreas.steffen at strongswan.org>
> > strongSwan - the Open Source VPN Solution!
> > www.strongswan.org <http://www.strongswan.org>
> > Institute for Internet Technologies and Applications
> > University of Applied Sciences Rapperswil
> > CH-8640 Rapperswil (Switzerland)
> >
> ===========================================================[ITA-HSR]==
> >
> >
>
> --
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140819/67c2fd9b/attachment-0001.html>
More information about the Users
mailing list