[strongSwan] ipsec.secrets file is missing

Carlos Yuste carlos.yuste at mantica-solutions.com
Mon Jun 6 16:51:00 CEST 2016



My wild guess is that you don’t have the O.S. IPsec part installed (such as setkey command) and therefore it is failing. You can try to recompile adding  <https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec> kernel-libipsec support and if it fails, please provide all the info and logs of your system to be able to figure out the issue




From: Users [mailto:users-bounces at lists.strongswan.org] On Behalf Of Kapil Athi
Sent: Monday, June 6, 2016 4:28 PM
To: Noel Kuntze
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] ipsec.secrets file is missing


Thanks Noel and Carlos. 


That's the info i was looking for. Thanks!


btw, i am getting the following error, when i am using strongswan in a QEMU PPC- VM (only in VM, not in actual HW)


Starting strongSwan 5.3.2 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!

can you please explain a little bit more on what exactly is this issue ? 


i have seen a wiki post about this issue in FreeBSD kernel, https://wiki.strongswan.org/projects/1/wiki/FreeBSD 

. From the explanation, it seems, i can ignore this.i am not using FreeBSD, so bit curious on what exactly is this and why is it seen ? 



Known Problems

*	Before  <https://wiki.strongswan.org/projects/strongswan/wiki/460> strongSwan 4.6.0  <https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStarter> starter did not use the modular kernel interfaces, thus, when it tried to detect an IPsec stack it failed:

·   Starting strongSwan 4.x.x IPsec [starter]...
·   no netkey IPsec stack detected
·   no KLIPS IPsec stack detected
·   no known IPsec stack detected, ignoring!

Fortunately, this detection is not really needed on FreeBSD so simply ignore this message.






On Mon, Jun 6, 2016 at 7:42 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:

On 06.06.2016 15:55, Kapil Athi wrote:
> Can somebody tell me, if /etc/ipsec.secrets file will created at compile time or during run time ? if so, can you give me some suggestion on where to look, if the ipsec.secrets file is missing.

Neither. If your distribution ships with one, it's one created by them, as far as I know. I checked what is in the package that can be found in the AUR, and there's no ipsec.secret.

It makes no sense to distribute an ipsec.secrets file, because the content of it is to be completely customized by you.


Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160606/7d2fc87b/attachment-0001.html>

More information about the Users mailing list