[strongSwan] Creation of VICI socket fails (strongswan-5.2.2)

Noel Kuntze noel at familie-kuntze.de
Wed Mar 25 09:59:34 CET 2015


Hello Chinmaya,

You can use the vici lib to build your own configuration utility which uses
some IPC mechanism or network communication to build/fetch a configuration and load it over the VICI socket.
That is functionality that is not in swanctl. You have to build this yourself.

Kind regards,
Noel Kuntze

Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 24.03.2015 at 13:00, Chinmaya Dwibedy wrote:
> Hi Noel,
> Thank you for the response. Connecting requires a URI, prefixed with unix://. I added the below in the strongswan.conf file and there is no issue.
>
> vici {
>     socket = unix:///var/run/charon.vici
> }
>
> Configured the /etc/swanctl.conf and triggered #swanctl --load-conns (which loads connection configuration) to initiate and establish the IPsec tunnel with the IKE Responder. The swanctl works independently from starter and the ipsec.conf file. Is there any way to get rid of any configuration file (i.e., swanctl.conf and strongswan.conf) and configure, control and monitor the IKE daemon Charon via command line interface only?
> Regards,
> Chinmaya
> 
> 
> 
> On Friday, March 20, 2015 1:31 PM, Chinmaya Dwibedy <ckdwibedy at yahoo.com> wrote:
> 
> 
> 
> 
> Hi Noel,
> I do not know why I am not getting the response in my email ID (registered with the users list). Anyway, I checked the response at https://www.mail-archive.com/users@lists.strongswan.org/msg09148.html. Thank you for the prompt reply.
> Yes, launched Charon as a root user. I used the following configuration options:
> ./configure --prefix=/usr --sysconfdir=/etc --enable-load-tester --enable-ctr --enable-ccm --enable-gcm --enable-vici --enable-error-notify
> Thereafter did make clean && make && make install. I am using the Fedora release 17.
> [root@sefpdev-1 strongswan-5.2.2]# cat /etc/issue
> Fedora release 17 (Beefy Miracle)
> Kernel \r on an \m (\l)
> [root@sefpdev-1 strongswan-5.2.2]#
>
> [root@sefpdev-1 strongswan-5.2.2]# uname -a
> Linux sefpdev-1 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> [root@sefpdev-1 strongswan-5.2.2]#
>
> [root@sefpdev-1 strongswan-5.2.2]# uname -r
> 3.9.10-100.fc17.x86_64
> [root@sefpdev-1 strongswan-5.2.2]#
>
> [root@sefpdev-1 strongswan-5.2.2]# file /var/run/charon.vici
> /var/run/charon.vici: socket
> [root@sefpdev-1 strongswan-5.2.2]#
> [root@sefpdev-1 strongswan-5.2.2]# sestatus
> SELinux status:                 disabled
> [root@sefpdev-1 strongswan-5.2.2]#
>  
> Regards,
> Chinmaya
>  
> 
> 
> On Friday, March 20, 2015 1:00 PM, Chinmaya Dwibedy <ckdwibedy at yahoo.com> wrote:
> 
> 
>  
> Hi,
> I am trying to use the swanctl utility (i.e., a command line application to configure and control charon) (strongswan: 5.2.2). I configured the /etc/swanctl/swanctl.conf file (on the IKE Initiator end) and then, upon trying to initiate the connection thru #swanctl --load-conns, it gives the following errors:
> connecting to 'unix:///var/run/charon.vici' failed: Connection refused
> Error: connecting to 'default' URI failed: Connection refused
> strongSwan 5.2.2 swanctl
>  
> I ran the #ipsec start command to get the startup log and found that creation of the VICI socket is failing. Can anyone suggest how to resolve this?
>  
> [root@sefpdev-1 strongswan-5.2.2]# cat /var/log/charon.log | grep vici
> Mar 20 00:00:15 00[LIB] plugin 'vici': loaded successfully
> Mar 20 00:00:15 00[LIB] loading feature CUSTOM:vici in plugin 'vici'
> Mar 20 00:00:15 00[CFG] creating vici socket failed
> Mar 20 00:00:15 00[LIB] feature CUSTOM:vici in plugin 'vici' failed to load
> Mar 20 00:00:15 00[LIB] unloading plugin 'vici' without loaded features
> [root@sefpdev-1 strongswan-5.2.2]#
> 
> Regards,
> Chinmaya
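The kind of utility Noel describes, as an added example that is not part of the original thread and not strongSwan's own code: a Python client that serializes a connection definition into the VICI wire format and sends it as a `load-conn` command. The type codes and length prefixes follow strongSwan's VICI protocol documentation; the connection name `gw`, its addresses and all helper names are constructed for illustration.

```python
import socket
import struct
# Type codes as given in the VICI protocol description (strongSwan vici README).
CMD_REQUEST, CMD_RESPONSE = 0, 1
SECTION_START, SECTION_END, KEY_VALUE, LIST_START, LIST_ITEM, LIST_END = range(1, 7)

def _name(s):   # element and command names carry an 8-bit length prefix
    return struct.pack("!B", len(s.encode())) + s.encode()
def _value(v):  # values carry a 16-bit big-endian length prefix
    raw = v if isinstance(v, bytes) else str(v).encode()
    return struct.pack("!H", len(raw)) + raw

def encode_message(msg):
    """Serialize a nested dict (scalar / list / dict values) into VICI elements."""
    out = bytearray()
    for key, val in msg.items():
        if isinstance(val, dict):
            out += bytes([SECTION_START]) + _name(key) + encode_message(val)
            out.append(SECTION_END)
        elif isinstance(val, (list, tuple)):
            out += bytes([LIST_START]) + _name(key)
            for item in val:
                out += bytes([LIST_ITEM]) + _value(item)
            out.append(LIST_END)
        else:
            out += bytes([KEY_VALUE]) + _name(key) + _value(val)
    return bytes(out)

def build_request(command, msg):
    """Frame a named CMD_REQUEST: 32-bit length, type byte, name, message."""
    body = bytes([CMD_REQUEST]) + _name(command) + encode_message(msg)
    return struct.pack("!I", len(body)) + body

def _read_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:
        raise ConnectionError("VICI socket closed mid-packet")
    return buf

def request(sock, command, msg):
    """Send one command on a connected socket; return (type, raw response message)."""
    sock.sendall(build_request(command, msg))
    packet = _read_exact(sock, struct.unpack("!I", _read_exact(sock, 4))[0])
    return packet[0], packet[1:]

# Constructed sample connection; key names follow swanctl.conf, values are made up.
SAMPLE_CONN = {"gw": {"version": "2", "remote_addrs": ["192.0.2.1"],
    "local": {"auth": "psk"}, "remote": {"auth": "psk"},
    "children": {"net": {"remote_ts": ["10.0.0.0/24"]}}}}
```

Against a running charon, connect a `socket.AF_UNIX` stream socket to `/var/run/charon.vici` (the path from the thread) and call `request(sock, "load-conn", SAMPLE_CONN)`; the response message reports the outcome in its `success` key.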

