[strongSwan] unable to set IPSEC_POLICY on socket: Operation not supported

Rolf Schöpfer rolf at samplezone.ch
Wed May 14 17:09:43 CEST 2014 

Hi Martin
> Rolf,
>
>> Starting strongSwan 5.1.3 IPsec [starter]...
>> !! Your strongswan.conf contains manual plugin load options for charon.
>> !! This is recommended for experts only, see
>> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> You should really take this warning seriously, it is there for good
> reason.
I wasn't happy with this message but just trusted documentation: http://www.strongswan.org/uml/testresults4/ikev2/rw-psk-ipv4/.
>
>> feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN
>> feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: CUSTOM:socket
> Your strongswan.conf load statement misses the "nonce" and the
> "socket-default" plugins. Just uncomment/remove your custom load
> statement, the default generated by ./configure is just fine.
Did use now default config:

# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon {
         load_modular = yes
         plugins {
                 include strongswan.d/charon/*.conf
         }
}

include strongswan.d/*.conf




<<< Development SZ 17:04:12 >>> root:/usr/strongswan-5.1.3
# sbin/ipsec start
Starting strongSwan 5.1.3 IPsec [starter]...
# deprecated keyword 'plutostart' in config setup
### 1 parsing error (0 fatal) ###

<<< Development SZ 17:04:16 >>> root:/usr/strongswan-5.1.3
# tail /var/log/syslog
May 14 17:05:01 development charon: 00[CFG] loading secrets from '/etc/config/strongswan/ipsec.secrets'
May 14 17:05:01 development charon: 00[CFG]   loaded IKE secret for @development.samplezone.ch @office.samplezone.ch
May 14 17:05:01 development charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp 
xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
May 14 17:05:01 development charon: 00[LIB] unable to load 6 plugin features (6 due to unmet dependencies)
May 14 17:05:01 development charon: 00[JOB] spawning 16 worker threads
May 14 17:05:01 development charon: 08[DMN] thread 8 received 11
May 14 17:05:01 development charon: 08[LIB]  dumping 2 stack frame addresses:
May 14 17:05:01 development charon: 08[LIB]    @ 0xb771c000 (__kernel_sigreturn+0x0) [0xb771c500]
May 14 17:05:01 development charon: 08[LIB] /usr/strongswan-5.1.3/lib/ipsec/plugins/libstrongswan-resolve.so @ 0xb72f8000 [0xb72fa830]
May 14 17:05:01 development charon: 09[DMN] thread 9 received 11


I guess there are too many missing PlugIns!?


Anyway, I need to recompile strongSwan with missing Parameter "--with-kernel-libipsec".


>
> Regards
> Martin
>
>
>

More information about the Users mailing list