[strongSwan] ipsec.secrets file is missing

Carlos Yuste carlos.yuste at mantica-solutions.com
Mon Jun 6 16:12:22 CEST 2016


Hello,

The ipsec.secrets file stores the information about the subscribers that you will use in your tunnel; that's why it is not included in the installation. You can find lots of examples of ipsec.secrets files (and the rest of the required files to configure server and client side) in the tests section:

https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationExamples

BR

From: Users [mailto:users-bounces at lists.strongswan.org] On Behalf Of Kapil Athi
Sent: Monday, June 6, 2016 3:55 PM
To: users at lists.strongswan.org
Subject: [strongSwan] ipsec.secrets file is missing

Hi Folks,

Thanks for adding me to the strongSwan User Community!

I need some info on how the "/etc/ipsec.secrets" file is installed/generated. In my current development environment with strongSwan 5.3.2, I see that the /etc/ipsec.secrets file is missing after installation, so I need some info to understand how "ipsec.secrets" is created, so I can debug this.

I am using a Yocto-based environment with Linux 3.12.

Yocto version: 1.6

strongSwan version used: 5.3.2

Linux kernel: 3.12 (Mentor Embedded Linux - MEL)

strongSwan recipe: http://git.openembedded.org/meta-openembedded/tree/meta-networking/recipes-support/strongswan/strongswan_5.3.2.bb

With the above strongSwan recipe, I have compiled and installed strongSwan 5.3.2.

After bootup, I see that the "/etc/ipsec.secrets" file is not created. Even in the MEL-built rootfs, I don't see the file /etc/ipsec.secrets.

Now, I can manually create this file and start using it, but I wanted to learn why this file is missing in the first place.

Can somebody tell me if the /etc/ipsec.secrets file will be created at compile time or during run time? If so, can you give me some suggestions on where to look if the ipsec.secrets file is missing?

FYI: earlier I was using strongSwan 5.1.1 and 5.2.1, and ipsec.secrets always used to be there.

Error Log:

=======

 daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
 daemon.info charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory

Logs:
====

 authpriv.info ipsec_starter[590]: Starting strongSwan 5.3.2 IPsec [starter]...
 daemon.info charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.12.19-rt30, ppc)
 daemon.info ipsec[590]: Starting strongSwan 5.3.2 IPsec [starter]...
 daemon.info charon: 00[KNL] received netlink error: Operation not supported (95)
 daemon.info charon: 00[KNL] unable to create IPv6 routing table rule
 daemon.info charon: 00[KNL] unable to create IPv4 routing table rule
 daemon.info charon: 00[KNL] received netlink error: Operation not supported (95)
 daemon.info charon: 00[KNL] unable to create IPv6 routing table rule
 daemon.info charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
 daemon.info charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
 daemon.info charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
 daemon.info charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
 daemon.info charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
 daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
 daemon.info charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory
 daemon.info charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubke
 daemon.info charon: 00[JOB] spawning 16 worker threads

Thanks

Kapil.
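
The following is an added example, not part of the original thread and not strongSwan code: a small shell triage for the "opening secrets file ... failed" message quoted above, which extracts the path charon could not open, checks whether the file exists and is restricted to its owner, and creates an empty owner-only file when it is absent. The function names and the owner-only (0600) policy are assumptions of this example; the sample log lines are copied from the report in this thread.

```shell
#!/bin/sh
# Added example: triage a charon "opening secrets file ... failed" message.
# Function names and the owner-only permission policy are assumptions.

# Print each secrets path charon reported it could not open (log on stdin).
failed_secrets_paths() {
    sed -n "s/.*\[CFG\] opening secrets file '\([^']*\)' failed:.*/\1/p" | sort -u
}

# Audit a secrets file: 0 = ok, 1 = missing, 2 = group/other bits are set.
audit_secrets_file() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 2
    return 0
}

# Create an empty owner-only secrets file; never overwrite an existing one.
create_secrets_file() {
    [ -e "$1" ] && return 0
    ( umask 077 && : > "$1" ) && chmod 600 "$1"
}

# Log lines copied from the report in this thread.
SAMPLE_LOG="daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
daemon.info charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory
daemon.info charon: 00[JOB] spawning 16 worker threads"

# Walk the sample log and exercise the checks in a scratch directory, not /etc.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_LOG" | failed_secrets_paths | while read -r path; do
        target="$dir/$(basename "$path")"
        s=0; audit_secrets_file "$target" || s=$?
        echo "$path reported missing; scratch copy status before: $s"
        create_secrets_file "$target"
        s=0; audit_secrets_file "$target" || s=$?
        echo "scratch copy status after create: $s"
    done
    rm -rf "$dir"
}

demo
```

On a real system, run audit_secrets_file against the path charon logged, then fill the file with the credentials for your own connections.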
