[strongSwan] Small Problems with 5.2

Dirk Hartmann dha at heise.de
Thu Jul 10 15:54:53 CEST 2014


I hit two problems after upgrading to 5.2.
System on both sides is a Debian wheezy 64. Strongswan compiled with:
./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish 
--enable-curl --enable-openssl --disable-ikev1 --enable-ntru

./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish 
--enable-curl --enable-eap-radius --enable-ha --enable-openssl 
--enable-xauth-eap --enable-eap-mschapv2 --enable-eap-identity 
--enable-sql --enable-attr-sql --enable-sqlite --enable-xauth-noauth 

1. I get this error on both systems after upgrade:
ipsec_starter[3318]: notifying watcher failed: Broken pipe

2. I had to roll back to 5.1.3 on the gateway because I couldn't 
connect from other Linux IKEv2 clients which authenticate via X.509 
I got: no trusted RSA public key found for NAME

On the other side IKEv1 connections from Mac/iOS with certificates and 
IKEv2 connections from Windows clients with eap-mschapv2 had no 
(No Win7 Client with IKEv2 and X509 certificates try to connect that 

As the gateway is in productive use I couldn't debug the problem for 

I have a second server with the same configuration that I can use to 
dig deeper into the problem. What further information would you need, 
what debug levels should I use?

All the while the gateway is back on 5.1.3 while my home client is 
still on 5.2 and can connect despite the Broken Pipe error.

Best Regards
