[strongSwan] Strongswan[5.4.0] unix:///var/run/charon.vici

rajeev nohria rajnohria at gmail.com
Mon Jun 13 16:37:23 CEST 2016


Hi Andreas,

We are planning to use the davici library for the establishment of dynamic
IKEv2 connections using Strongswan’s IKE client.  Are there any licensing
implications of using the davici library?   Please confirm/clarify.


Thanks,

Rajeev

On Wed, May 11, 2016 at 9:18 AM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:

> Hi Rajeev,
>
> there seems to be something wrong with your user certificate.
>
> You can configure the charon daemon dynamically using the
> VICI interface. There are VICI bindings for the Perl, Ruby
> and Python script languages which can be used by your
> IPsec management application to communicate with the
> charon daemon. For details have a look at
>
>
> https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md
>
> If you intend to write your management application in C or C++
> then consider the DAVICI library:
>
> https://github.com/strongswan/davici/blob/master/README.md
>
> Regards
>
> Andreas
>
> On 11.05.2016 13:50, rajeev nohria wrote:
> > Andreas,
> >
> > I appreciate you helping me out.  Now I am making progress with Charon
> > running; not sure why it was stopping before.  I am getting the following
> > error now, and I am going over my config files. Hopefully I will find the
> > issue.
> >
> > rnohria@ubuntu:~$ sudo swanctl --load-conns
> > 06[LIB] OpenSSL X.509 parsing failed
> > 06[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders
> > loading connection 'rw' failed: invalid value for: certs, config discarded
> > loaded 0 of 1 connections, 1 failed to load, 0 unloaded
> >
> >
> > Question:
> >
> > Can I use Strongswan to make connections dynamically, not via a config
> > file? For a config file we need to know information beforehand. If I don't
> > know all the information beforehand, like the local and remote IP address,
> > does any interface exist in Strongswan to support dynamic connections?
> >
> > Thanks,
> > Rajeev
> >
> > On Wed, May 11, 2016 at 4:41 AM, Andreas Steffen
> > <andreas.steffen at strongswan.org> wrote:
> >
> >     Hi Rajeev,
> >
> >     try running charon in the foreground:
> >
> >        sudo /usr/local/libexec/ipsec/charon
> >
> >     and check for error messages in the console window.
> >
> >     Cheers Andreas
> >
> >     On 11.05.2016 11:53, rajeev nohria wrote:
> >
> >         Andreas,
> >
> >         It seems like the Charon daemon is not running. When I run the charon
> >         command, it immediately stops. Where can I find the charon
> >         log to see if there is any issue?
> >
> >         rnohria@ubuntu:~$ sudo /usr/local/libexec/ipsec/charon&
> >         [1] 7272
> >         rnohria@ubuntu:~$
> >
> >         [1]+  Stopped                 sudo /usr/local/libexec/ipsec/charon
> >
> >         Thanks,
> >         Rajeev
> >
> >
> >         On Wed, May 11, 2016 at 2:55 AM, Andreas Steffen
> >         <andreas.steffen at strongswan.org> wrote:
> >
> >             Hi Rajeev,
> >
> >             can you check in the charon log if the vici plugin has been loaded?
> >             And do you see the charon daemon running in the process status
> >             (ps aux | grep charon)?
> >
> >             Regards
> >
> >             Andreas
> >
> >             On 05/11/2016 04:04 AM, rajeev nohria wrote:
> >             > Thanks Andreas,
> >             >
> >             > I ran the charon and also copied the charon script file to /etc/init.d.
> >             > Now when I run sudo swanctl --load-conn, I still get the same issue.
> >             > connecting to 'unix:///var/run/charon.vici' failed: No such file or directory
> >             > Error: connecting to 'default' URI failed: No such file or directory
> >             > strongSwan 5.4.0 swanctl
> >             > usage:
> >             >   swanctl --load-conns [--raw|--pretty]
> >             >            --help            (-h)  show usage information
> >             >            --raw             (-r)  dump raw response message
> >             >            --pretty          (-P)  dump raw response message in pretty print
> >             >            --debug           (-v)  set debug level, default: 1
> >             >            --options         (-+)  read command line options from file
> >             >            --uri             (-u)  service URI to connect to
> >             >
> >             >
> >             > Am I missing any other step?
> >             >
> >             > Thanks,
> >             > Rajeev
> >             >
> >             > On Tue, May 10, 2016 at 3:59 AM, Andreas Steffen
> >             > <andreas.steffen at strongswan.org> wrote:
> >              >
> >              >     Hi Rajeev,
> >              >
> >              >     is the charon daemon running? If not, either start charon manually:
> >              >
> >              >       sudo /usr/local/libexec/ipsec/charon &
> >              >
> >              >     or if your Linux distribution still uses upstart, copy the
> >              >     following script to /etc/init.d/
> >              >
> >              >     https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/hosts/default/etc/init.d/charon
> >              >
> >              >     and start the charon daemon in the appropriate runlevels.
> >              >
> >              >     If your Linux distribution uses systemd instead, compile and
> >              >     install strongSwan with
> >              >
> >              >        ./configure --enable-systemd
> >              >
> >              >     and enable and start the strongswan-swanctl service.
> >              >
> >              >     BTW - in order to use the vici socket you must be root. Thus
> >              >
> >              >       sudo swanctl --load-conn
> >              >
> >              >     Best regards
> >              >
> >              >     Andreas
> >              >
> >              >
> >              >     On 09.05.2016 16:34, rajeev nohria wrote:
> >              >
> >              >         I am a new user of Strongswan, running 5.4.0. After creating
> >              >         certificates and configuring two Ubuntu machines with Strongswan
> >              >         5.4.0, I try to create a connection as follows and get an error.
> >              >         Please advise, how can I resolve the following issue?
> >              >
> >              >         $swanctl --load-conn
> >              >         connecting to 'unix:///var/run/charon.vici' failed: No such file or directory
> >              >         Error: connecting to 'default' URI failed: No such file or directory
> >              >         strongSwan 5.4.0 swanctl
> >              >         usage:
> >              >
> >              >
> >              >         Thanks,
> >              >         Rajeev
> >              >
> >              >
>
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
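The two conditions raised in the thread (the `unix:///var/run/charon.vici` socket being absent, and the socket requiring root) can be told apart with a small probe that also speaks enough VICI to ask the daemon for its version. This is an added example, not code from the thread or from the strongSwan project; the function names are hypothetical, and the packet layout follows the VICI README linked above.

```python
import os, socket, stat, struct

VICI_SOCKET = "/var/run/charon.vici"   # default URI path shown in the thread
CMD_REQUEST, CMD_RESPONSE = 0, 1       # VICI packet types (per the VICI README)
KEY_VALUE = 3                          # VICI message element type

def encode_request(name):
    """Frame a named CMD_REQUEST: 32-bit big-endian length, type, name length, name."""
    body = bytes([CMD_REQUEST, len(name)]) + name.encode()
    return struct.pack("!I", len(body)) + body

def parse_key_values(payload):
    """Decode a flat run of KEY_VALUE elements (8-bit key length, 16-bit value length)."""
    out, i = {}, 0
    while i < len(payload):
        if payload[i] != KEY_VALUE:
            raise ValueError("unexpected element type %d" % payload[i])
        klen = payload[i + 1]
        key = payload[i + 2:i + 2 + klen].decode()
        i += 2 + klen
        (vlen,) = struct.unpack_from("!H", payload, i)
        out[key] = payload[i + 2:i + 2 + vlen].decode()
        i += 2 + vlen
    return out

def probe(path=VICI_SOCKET):
    """Return (status, detail) describing the vici socket at `path`."""
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return "not-a-socket", path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(3)
            s.connect(path)
            s.sendall(encode_request("version"))
            with s.makefile("rb") as reader:
                header = reader.read(4)
                length = struct.unpack("!I", header)[0] if len(header) == 4 else 0
                packet = reader.read(length)
    except FileNotFoundError:
        return "missing", "charon not running or vici plugin not loaded"
    except PermissionError:
        return "denied", "socket exists; rerun as root"
    except ConnectionRefusedError:
        return "stale", "socket file left behind, no listener"
    if not packet or packet[0] != CMD_RESPONSE:
        return "error", "no CMD_RESPONSE received"
    return "ok", parse_key_values(packet[1:])

if __name__ == "__main__":
    print(probe())
```
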