[strongSwan] unable to set IPSEC_POLICY on socket: Operation not supported

Rolf Schöpfer rolf at samplezone.ch
Fri May 9 19:31:27 CEST 2014


Hi

Today I didn't succeed in configuring a site2site VPN with strongSwan. Details:

- Server Debian 7.3 32-bit, OpenVZ VM (Host is Proxmox)
- I did configure 'Gateway moon' of http://www.strongswan.org/uml/testresults4/ikev2/rw-psk-ipv4/

# ipsec start
Starting strongSwan 4.5.2 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for
!! pluto and/or charon. This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

# tail /var/log/daemon.log
May  9 19:22:49 development charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
May  9 19:22:49 development charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
May  9 19:22:49 development charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
May  9 19:22:49 development charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
May  9 19:22:49 development charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
May  9 19:22:49 development charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
May  9 19:22:49 development charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
May  9 19:22:49 development charon: 00[CFG]   loaded IKE secret for @development.test @office.test
May  9 19:22:49 development charon: 00[KNL] listening on interfaces:
May  9 19:22:49 development charon: 00[KNL]   venet0
May  9 19:22:49 development charon: 00[KNL]     127.0.0.2
May  9 19:22:49 development charon: 00[KNL]     [Public IP not shown in this E-Mail]
May  9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
May  9 19:22:49 development charon: 00[NET] installing bypass policy on receive socket failed
May  9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
May  9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
May  9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
May  9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
May  9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
May  9 19:22:49 development charon: 00[NET] installing bypass policy on receive socket failed
May  9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
May  9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
May  9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
May  9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
May  9 19:22:49 development charon: 00[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-raw updown
May  9 19:22:49 development charon: 00[DMN] unable to drop daemon capabilities
May  9 19:22:49 development charon: 00[DMN] capability dropping failed - aborting charon


I did check Kernel stuff: http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

I did load some Modules on the Host manually:

# modprobe ah4
# modprobe esp4
# modprobe ipcomp
# modprobe xfrm4_tunnel

But still the same Error.

Is there another missing Module?

Any help is appreciated.

Flink

