[strongSwan] Error while running Charon
rajeev nohria
rajnohria at gmail.com
Thu Oct 27 20:34:25 CEST 2016
Problem 1:
root at Xilinx-ZCU102-2016_1:/lib# charon
00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0, aarch64)
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet
dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has
unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon'
has unmet dependency: HASHER:HASH_SHA1
00[LIB] failed to load 3 critical plugin features
00[DMN] initialization failed - aborting charon
How does charon knows that where to look for the plugins? I used
--enable-monolithic options and that means all the plugins should be there
in libstrongswan and libcharon and libvici.
I am getting similar to following issue. Not sure how it was resolved.
https://wiki.strongswan.org/issues/1299
root at Xilinx-ZCU102-2016_1:~# cd /usr/lib/ipsec
root at Xilinx-ZCU102-2016_1:/usr/lib/ipsec# ls
libcharon.a libstrongswan.a libvici.a plugins
libcharon.la libstrongswan.la libvici.la
root at Xilinx-ZCU102-2016_1:/usr/lib/ipsec# cd plugins/
root at Xilinx-ZCU102-2016_1:/usr/lib/ipsec/plugins# ls
libstrongswan-aes.a libstrongswan-pkcs7.a
libstrongswan-aes.la libstrongswan-pkcs7.la
libstrongswan-attr.a libstrongswan-pkcs8.a
libstrongswan-attr.la libstrongswan-pkcs8.la
libstrongswan-cmac.a libstrongswan-pubkey.a
libstrongswan-cmac.la libstrongswan-pubkey.la
libstrongswan-constraints.a libstrongswan-random.a
libstrongswan-constraints.la libstrongswan-random.la
libstrongswan-des.a libstrongswan-rc2.a
libstrongswan-des.la libstrongswan-rc2.la
libstrongswan-dnskey.a libstrongswan-resolve.a
libstrongswan-dnskey.la libstrongswan-resolve.la
libstrongswan-fips-prf.a libstrongswan-revocation.a
libstrongswan-fips-prf.la libstrongswan-revocation.la
libstrongswan-hmac.a libstrongswan-sha1.a
libstrongswan-hmac.la libstrongswan-sha1.la
libstrongswan-kernel-netlink.a libstrongswan-sha2.a
libstrongswan-kernel-netlink.la libstrongswan-sha2.la
libstrongswan-md5.a libstrongswan-socket-default.a
libstrongswan-md5.la libstrongswan-socket-default.la
libstrongswan-nonce.a libstrongswan-sshkey.a
libstrongswan-nonce.la libstrongswan-sshkey.la
libstrongswan-openssl.a libstrongswan-stroke.a
libstrongswan-openssl.la libstrongswan-stroke.la
libstrongswan-pem.a libstrongswan-updown.a
libstrongswan-pem.la libstrongswan-updown.la
libstrongswan-pgp.a libstrongswan-vici.a
libstrongswan-pgp.la libstrongswan-vici.la
libstrongswan-pkcs1.a libstrongswan-x509.a
libstrongswan-pkcs1.la libstrongswan-x509.la
libstrongswan-pkcs11.a libstrongswan-xauth-generic.a
libstrongswan-pkcs11.la libstrongswan-xauth-generic.la
libstrongswan-pkcs12.a libstrongswan-xcbc.a
libstrongswan-pkcs12.la libstrongswan-xcbc.la
Problem 2:
When running swanctl, I am getting following issue? Any pointer?
root at Xilinx-ZCU102-2016_1:/lib#
root at Xilinx-ZCU102-2016_1:/lib#
root at Xilinx-ZCU102-2016_1:/lib# swanctl
strongSwan 5.5.0 swanctl
loaded plugins:
usage:
swanctl --initiate (-i) initiate a connection
swanctl --terminate (-t) terminate a connection
swanctl --redirect (-d) redirect an IKE_SA
swanctl --uninstall (-u) uninstall a trap or shunt policy
swanctl --install (-p) install a trap or shunt policy
swanctl --list-sas (-l) list currently active IKE_SAs
swanctl --monitor-sa (-m) monitor for IKE_SA and CHILD_SA changes
swanctl --list-pols (-P) list currently installed policies
swanctl --list-authorities (-B) list loaded authority configurations
swanctl --list-conns (-L) list loaded configurations
swanctl --list-certs (-x) list stored certificates
swanctl --list-pools (-A) list loaded pool configurations
swanctl --list-algs (-g) show loaded algorithms
swanctl --load-all (-q) load credentials, authorities, pools and
connections
swanctl --load-authorities (-b) (re-)load authority configuration
swanctl --load-conns (-c) (re-)load connection configuration
swanctl --load-creds (-s) (re-)load credentials
swanctl --load-pools (-a) (re-)load pool configuration
swanctl --log (-T) trace logging output
swanctl --version (-v) show version information
swanctl --stats (-S) show daemon stats information
swanctl --reload-settings (-r) reload daemon strongswan.conf
swanctl --help (-h) show usage information
libgcc_s.so.1 must be installed for pthread_cancel to work
Aborted
On Wed, Oct 19, 2016 at 2:43 PM, rajeev nohria <rajnohria at gmail.com> wrote:
> Thomas,
>
> I tired both way and did not help. Not sure what I could be missing. In
> following I also tried removing swanctl section, that also did not work.
>
>
> # strongswan.conf - strongSwan configuration file
> #
> # Refer to the strongswan.conf(5) manpage for details
> #
> # Configuration changes should be made in the included files
>
> swanctl {
> load = pem pkcs1 x509 revocation constraints pubkey openssl random
> }
>
>
> charon {
> load_modular = yes
> plugins {
> include strongswan.d/charon/*.conf
> }
> }
>
> filelog {
> /var/log/charon.log {
> # add a timestamp prefix
> time_format = %b %e %T
> # prepend connection name, simplifies grepping
> ike_name = yes
> # overwrite existing files
> append = no
> # increase default loglevel for all daemon subsystems
> default = 10
> # flush each line to disk
> flush_line = yes
> }
> stderr {
> # more detailed loglevel for a specific subsystem, overriding
> the
> # default loglevel.
> ike = 4
> cfg = 4
> asn = 4
> app = 4
> tls = 4
> esp = 4
> chd = 4
> knl = 0
>
> }
> }
>
>
>
> include strongswan.d/charon/*.conf
>
>
>
>
>
> *root at Xilinx-ZCU102-2016_1:/usr/etc/strongswan.d/charon# ls*
> aes.conf pem.conf sha1.conf
> attr.conf pgp.conf sha2.conf
> cmac.conf pkcs1.conf socket-default.conf
> constraints.conf pkcs11.conf sshkey.conf
> des.conf pkcs12.conf stroke.conf
> dnskey.conf pkcs7.conf updown.conf
> fips-prf.conf pkcs8.conf vici.conf
> hmac.conf pubkey.conf x509.conf
> kernel-netlink.conf random.conf xauth-generic.conf
> md5.conf rc2.conf xcbc.conf
> nonce.conf resolve.conf
> openssl.conf revocation.conf
>
>
> root at Xilinx-ZCU102-2016_1:/usr/etc/strongswan.d/charon# *cat nonce.conf*
> nonce {
>
> # Whether to load the plugin. Can also be an integer to increase the
> # priority of this plugin.
> load = yes
>
> }
>
>
>
>
>
>
>
> On Tue, Oct 18, 2016 at 3:03 PM, Thomas Egerer <hakke_007 at gmx.de> wrote:
>
>> Rajeev,
>>
>> I guess, the config option '--enable-monolithic' option
>> builds charon with all plugins compiled into one binary
>> blob. Try and remove this option. Then remove the
>> load_modular option from your strongwan.conf, or place
>> the configuration snippets in your file system as
>> described in [1]. Then of course, you would have to
>> remove the load keyword from your strongswan.conf.
>>
>> Cheers,
>> Thomas
>>
>> [1] https://wiki.strongswan.org/projects/strongswan/wiki/Strongs
>> wandirectory
>>
>>
>> On 10/18/2016 04:37 PM, rajeev nohria wrote:
>>
>>> Noel,
>>>
>>> I still having issue after going through many hit and trial method to
>>> fix this,
>>>
>>> root at Xilinx-ZCU102-2016_1:~# charon
>>> 00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0,
>>> aarch64)
>>> 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet
>>> dependency: NONCE_GEN
>>> 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon'
>>> has unmet dependency: HASHER:HASH_SHA1
>>> 00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon'
>>> has unmet dependency: HASHER:HASH_SHA1
>>> 00[LIB] failed to load 3 critical plugin features
>>> 00[DMN] initialization failed - aborting charon
>>>
>>>
>>> Makefile:
>>>
>>> CONF_OPTS += --disable-gmp --enable-monolithic --enable-openssl
>>> --enable-pkcs11 --enable-vici --enable-x509 --enable-nonce
>>>
>>>
>>>
>>>
>>> strongswan.conf
>>> # strongswan.conf - strongSwan configuration file
>>> #
>>> # Refer to the strongswan.conf(5) manpage for details
>>> #
>>> # Configuration changes should be made in the included files
>>>
>>> swanctl {
>>> load = pem pkcs1 x509 revocation constraints pubkey openssl random
>>> }
>>>
>>> charon {
>>> load_modular = yes
>>> load = sha1 pem pkcs1 x509 revocation constraints pubkey openssl random
>>> nonce curl kernel-netlink socket-default updown vici
>>>
>>> plugins {
>>> include strongswan.d/charon/*.conf
>>> }
>>> }
>>>
>>> filelog {
>>> /var/log/charon.log {
>>> # add a timestamp prefix
>>> time_format = %b %e %T
>>> # prepend connection name, simplifies grepping
>>> ike_name = yes
>>> # overwrite existing files
>>> append = no
>>> # increase default loglevel for all daemon subsystems
>>> default = 10
>>> # flush each line to disk
>>> flush_line = yes
>>> }
>>> stderr {
>>> # more detailed loglevel for a specific subsystem,
>>> overriding the
>>> # default loglevel.
>>> ike = 4
>>> cfg = 4
>>> asn = 4
>>> app = 4
>>> tls = 4
>>> esp = 4
>>> chd = 4
>>> knl = 0
>>>
>>> }
>>> }
>>>
>>>
>>> On Sat, Oct 8, 2016 at 7:41 PM, Noel Kuntze <noel at familie-kuntze.de
>>> <mailto:noel at familie-kuntze.de>> wrote:
>>>
>>> Hello Rajeevm
>>> >
>>> > 00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0,
>>> aarch64)
>>> > 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has
>>> unmet dependency: NONCE_GEN
>>> > 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin
>>> 'charon' has unmet dependency: HASHER:HASH_SHA1
>>> > 00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin
>>> 'charon' has unmet dependency: HASHER:HASH_SHA1
>>> > 00[LIB] failed to load 3 critical plugin features
>>> > 00[DMN] initialization failed - aborting charon
>>>
>>> You need the sha1 or the openssl plugin, as well as the nonce plugin.
>>> Please use google[1] next time.
>>>
>>> [1]
>>> https://encrypted.google.com/search?hl=en&q=site%3Awiki.stro
>>> ngswan.org%20%22libcharon%20in%20critical%20plugin%20%27char
>>> on%27%20has%20unmet%20dependency%3A%20NONCE_GEN%22
>>> <https://encrypted.google.com/search?hl=en&q=site%3Awiki.str
>>> ongswan.org%20%22libcharon%20in%20critical%20plugin%20%27cha
>>> ron%27%20has%20unmet%20dependency%3A%20NONCE_GEN%22>
>>>
>>> --
>>>
>>> Mit freundlichen Grüßen/Kind Regards,
>>> Noel Kuntze
>>>
>>> GPG Key ID: 0x63EC6658
>>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.strongswan.org
>>> https://lists.strongswan.org/mailman/listinfo/users
>>>
>>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161027/5d47de42/attachment-0001.html>
More information about the Users
mailing list