[strongSwan] stroke rereadsecrets fails to include strongswan.conf

Sirisha Alla sirisha.alla at oracle.com
Thu Jan 19 08:01:38 CET 2017


Hi,

I am using strongSwan version 5.0.2. This installation worked quite well
until recently, and I am not sure what has caused this error. When we run
the command ipsec secrets, it fails with the error below.

[etc]$ sudo bash -x /usr/local/sbin/ipsec secrets
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
+ export PATH
++ uname -s
+ OS_NAME=Linux
+ IPSEC_NAME=strongSwan
++ uname -r
+ IPSEC_VERSION=U5.0.2/K2.6.39-400.17.1.el6uek.x86_64
+ IPSEC_DIR=/usr/local/libexec/ipsec
+ IPSEC_SBINDIR=/usr/local/sbin
+ IPSEC_CONFDIR=/usr/local/etc
+ IPSEC_PIDDIR=/var/run
+ IPSEC_SCRIPT=ipsec
+ IPSEC_STARTER_PID=/var/run/starter.pid
+ IPSEC_CHARON_PID=/var/run/charon.pid
+ IPSEC_STROKE=/usr/local/libexec/ipsec/stroke
+ IPSEC_STARTER=/usr/local/libexec/ipsec/starter
+ export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
+ IPSEC_DISTRO='Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland'
+ case "$1" in
+ rc=7
+ '[' -e /var/run/charon.pid ']'
+ /usr/local/libexec/ipsec/stroke rereadsecrets
parsing value failed near
failed to include '/tmp/*-strongswan.conf'

[etc]$ ls -lrt /tmp/*-strongswan.conf
-rw-r--r-- 1 root root 1490 Oct 19 08:30 /tmp/strongSwan-strongswan.conf
-rw-r--r-- 1 root root    0 Jan 18 21:43 /tmp/strongSwan-init-strongswan.conf

and /tmp/strongSwan-strongswan.conf file is as follows:

# charon daemon settings: turns off virtual IP installation and configures
# loggers to a file, to stderr and to syslog.
#
# NOTE(review): per the `ls` output above, this file is
# /tmp/strongSwan-strongswan.conf, and the error shows it is pulled in through
# the wildcard include '/tmp/*-strongswan.conf'. /tmp is normally writable by
# every local user, so any file matching that pattern would be parsed as
# strongSwan configuration by tools run as root (stroke in the trace above).
# Consider keeping included snippets in a root-only directory (for example
# under IPSEC_CONFDIR, /usr/local/etc) and including them by explicit path.
# The include statement itself is not shown on this page - confirm where it is.
charon {
         install_virtual_ip = no

         filelog {
             /var/log/charon.log {
                 # add a timestamp prefix
                 time_format = %b %e %T
                 # loggers to files also accept the append option to open files in
                 # append mode at startup (default is yes)
                 append = yes
                 # the default loglevel for all daemon subsystems (defaults to 1).
                 default = 1
                 # flush each line to disk
                 flush_line = yes
             }
             stderr {
                 # more detailed loglevel for a specific subsystem, overriding the
                 # default loglevel.
                 ike = 2
                 knl = 3
                 # prepend connection name, simplifies grepping
                 ike_name = yes
            }
       }
       # And two loggers using syslog. The subsections define the facility to log
       # to, currently one of: daemon, auth.
       syslog {
         # optional identifier used with openlog(3), prepended to each log message
         # by syslog. if not configured, openlog(3) is not called, so the value will
         # depend on system defaults (usually the program name)
         identifier = charon-custom
         # default level to the LOG_DAEMON facility
         daemon {
             default = 0
         }
         # very minimalistic IKE auditing logs to LOG_AUTHPRIV
         auth {
             default = -1
             ike = 0
         }
     }
}

Can somebody help me identify what exactly the issue is? I suspect
something related to the configuration.

Thanks,
Sirisha