[strongSwan] Strongswan[5.4.0] unix:///var/run/charon.vici

rajeev nohria rajnohria at gmail.com
Wed May 11 13:50:30 CEST 2016 

Andreas,

I appreciate helping me out.  Now I am making progress with Charon running,
Not sure why it was stopping before.  I am getting following error now, I
am going over my config files. Hopefully I will find the issue.

rnohria at ubuntu:~$ sudo swanctl --load-conns
06[LIB] OpenSSL X.509 parsing failed
06[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders
loading connection 'rw' failed: invalid value for: certs, config discarded
loaded 0 of 1 connections, 1 failed to load, 0 unloaded


Question:

Can I use Strongswan to make connections dynamically, not via config file.
For config file we need to know information beforehand. If I don't know all
the information beforehand like local and remote IP address. Is there any
interface exist in Strongswan to support dynamic connection.

Thanks,
Rajeev





On Wed, May 11, 2016 at 4:41 AM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Rajeev,
>
> try running charon in the foreground:
>
>    sudo /usr/local/libexec/ipsec/charon
>
> and check for error messages in the console window.
>
> Cheers Andreas
>
> On 11.05.2016 11:53, rajeev nohria wrote:
>
>> Andreas,
>>
>> It seems like Charon daemon is not running, When I run the charon
>> command, it immediately stops it. Where can I find the charon log to see
>> if there is any issue?
>>
>> rnohria at ubuntu:~$ sudo /usr/local/libexec/ipsec/charon&
>> [1] 7272
>> rnohria at ubuntu:~$
>>
>> [1]+  Stopped                 sudo /usr/local/libexec/ipsec/charon
>>
>> Thanks,
>> Rajeev
>>
>>
>> On Wed, May 11, 2016 at 2:55 AM, Andreas Steffen
>> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
>> wrote:
>>
>>     Hi Rajeev,
>>
>>     can you check in the charon log if the vici plugin has been loaded?
>>     And do you see the charon daemon running in the process status
>>     (ps aux | grep charon)?
>>
>>     Regards
>>
>>     Andreas
>>
>>     On 05/11/2016 04:04 AM, rajeev nohria wrote:
>>     > Thanks Andreas,
>>     >
>>     > I ran the charon and also copied the charon script file to
>> /etc/init.d.
>>     > Now when I run sudo swanctl --load-conn, I still get the same issue.
>>     > connecting to 'unix:///var/run/charon.vici' failed: No such file or
>>     > directory
>>     > Error: connecting to 'default' URI failed: No such file or directory
>>     > strongSwan 5.4.0 swanctl
>>     > usage:
>>     >   swanctl --load-conns [--raw|--pretty]
>>     >            --help            (-h)  show usage information
>>     >            --raw             (-r)  dump raw response message
>>     >            --pretty          (-P)  dump raw response message in
>> pretty print
>>     >            --debug           (-v)  set debug level, default: 1
>>     >            --options         (-+)  read command line options from
>> file
>>     >            --uri             (-u)  service URI to connect to
>>     >
>>     >
>>     > Am I missing any other step?
>>     >
>>     > Thanks,
>>     > Rajeev
>>     >
>>     > On Tue, May 10, 2016 at 3:59 AM, Andreas Steffen
>>      > <andreas.steffen at strongswan.org
>>     <mailto:andreas.steffen at strongswan.org>
>>     <mailto:andreas.steffen at strongswan.org
>>
>>     <mailto:andreas.steffen at strongswan.org>>>
>>      > wrote:
>>      >
>>      >     Hi Rajeev,
>>      >
>>      >     is the charon daemon running? If not, either start charon
>>     manually:
>>      >
>>      >       sudo /usr/local/libexec/ipsec/charon &
>>      >
>>      >     or if your Linux distribution still uses upstart, copy the
>>      >     following script to /etc/init.d/
>>      >
>>      >
>>      >
>>
>> https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/hosts/default/etc/init.d/charon
>>      >
>>      >     and start the charon daemon in the appropriate runlevels.
>>      >
>>      >     If your Linux distribution uses systemd instead, compile and
>>      >     install strongSwan with
>>      >
>>      >        ./config --enable-systemd
>>      >
>>      >     and enable and start the strongswan-swanctl service.
>>      >
>>      >     BTW - in order to use the vici socket you must be root. Thus
>>      >
>>      >       sudo swanctl --load-conn
>>      >
>>      >     Best regards
>>      >
>>      >     Andreas
>>      >
>>      >
>>      >     On 09.05.2016 16:34, rajeev nohria wrote:
>>      >
>>      >         I am new user of Strongswan and running 5.4.0. After
>> creating
>>      >         certificates and configuring two Ubuntu m/c with Strongswan
>>      >         5.4.0. I try
>>      >         to create connection as following and get error. Please
>>     advise,
>>      >         how to
>>      >         resolve following issue?
>>      >
>>      >         $swanctl --load-conn
>>      >         connecting to 'unix:///var/run/charon.vici' failed: No
>>     such file or
>>      >         directory
>>      >         Error: connecting to 'default' URI failed: No such file
>>     or directory
>>      >         strongSwan 5.4.0 swanctl
>>      >         usage:
>>      >
>>      >
>>      >         Thanks,
>>      >         Rajeev
>>      >
>>      >
>>      >         _______________________________________________
>>      >         Users mailing list
>>      > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>>     <mailto:Users at lists.strongswan.org <mailto:Users at lists.strongswan.org
>> >>
>>     >https://lists.strongswan.org/mailman/listinfo/users
>>     >
>>     >
>>     >     --
>>     >
>>  ======================================================================
>>     >     Andreas Steffen
>>      > andreas.steffen at strongswan.org
>>     <mailto:andreas.steffen at strongswan.org>
>>     <mailto:andreas.steffen at strongswan.org
>>
>>     <mailto:andreas.steffen at strongswan.org>>
>>     >     strongSwan - the Open Source VPN Solution!
>>      > www.strongswan.org <http://www.strongswan.org>
>>     <http://www.strongswan.org>
>>      >     Institute for Internet Technologies and Applications
>>      >     University of Applied Sciences Rapperswil
>>      >     CH-8640 Rapperswil (Switzerland)
>>      >
>>
>> ===========================================================[ITA-HSR]==
>>      >
>>      >
>>
>>
>>     --
>>     ======================================================================
>>     Andreas Steffen andreas.steffen at strongswan.org
>>     <mailto:andreas.steffen at strongswan.org>
>>     strongSwan - the Open Source VPN Solution! www.strongswan.org
>>     <http://www.strongswan.org>
>>     Institute for Internet Technologies and Applications
>>     University of Applied Sciences Rapperswil
>>     CH-8640 Rapperswil (Switzerland)
>>     ===========================================================[ITA-HSR]==
>>
>>
>>
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160511/2470ca6b/attachment-0001.html>

More information about the Users mailing list