[strongSwan] querying policy failed: No such file or directory

Trey Lawrence trey at spell.run
Tue Mar 7 22:51:57 CET 2017


Hi,

I'm trying to get a VPN connection set up to my AWS VPC. I've been using
this tutorial:
https://docs.openvpn.net/how-to-tutorialsguides/administration/extending-vpn-connectivity-to-amazon-aws-vpc-using-aws-vpc-vpn-gateway-service/

After completing the tutorial, the two tunnel connections are shown as
"established", but I'm still unable to ping or SSH into an instance in my
AWS VPC (10.31.0.0/16 subnet) from my local network (10.2.0.0/16 subnet).
Looking at the syslogs, I keep getting an error:
charon: 08[KNL] querying policy failed: No such file or directory (2)

Is there a way that I can debug this further? If I increase the log level
for KNL, it just puts the full request body, but that doesn't tell me much.
Any help would be much appreciated.
Thanks!
Trey

Below are the syslogs:
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux
4.4.0-65-generic, x86_64)
charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
charon: 00[CFG] loading ocsp signer certificates from
'/etc/ipsec.d/ocspcerts'
charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
charon: 00[CFG]   loaded IKE secret for 52.52.149.175
charon: 00[CFG]   loaded IKE secret for 52.52.188.153
charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4
md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8
pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr
kernel-netlink resolve socket-default connmark stroke updown
charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
charon: 00[JOB] spawning 16 worker threads
charon: 05[CFG] received stroke: add connection 'VPC-CUST-GW1'
charon: 05[CFG] added configuration 'VPC-CUST-GW1'
charon: 07[CFG] received stroke: initiate 'VPC-CUST-GW1'
charon: 07[IKE] initiating Main Mode IKE_SA VPC-CUST-GW1[1] to 52.52.149.175
charon: 07[ENC] generating ID_PROT request 0 [ SA V V V V ]
charon: 07[NET] sending packet: from 10.2.5.209[500] to 52.52.149.175[500]
(216 bytes)
charon: 09[CFG] received stroke: add connection 'VPC-CUST-GW2'
charon: 09[CFG] added configuration 'VPC-CUST-GW2'
charon: 11[CFG] received stroke: initiate 'VPC-CUST-GW2'
charon: 11[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 52.52.188.153
charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V ]
charon: 11[NET] sending packet: from 10.2.5.209[500] to 52.52.188.153[500]
(216 bytes)
charon: 12[NET] received packet: from 52.52.149.175[500] to 10.2.5.209[500]
(124 bytes)
charon: 12[ENC] parsed ID_PROT response 0 [ SA V V ]
charon: 12[IKE] received DPD vendor ID
charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
charon: 12[NET] sending packet: from 10.2.5.209[500] to 52.52.149.175[500]
(244 bytes)
charon: 13[NET] received packet: from 52.52.188.153[500] to 10.2.5.209[500]
(124 bytes)
charon: 13[ENC] parsed ID_PROT response 0 [ SA V V ]
charon: 13[IKE] received DPD vendor ID
charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
charon: 13[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
charon: 13[NET] sending packet: from 10.2.5.209[500] to 52.52.188.153[500]
(244 bytes)
charon: 14[NET] received packet: from 52.52.149.175[500] to 10.2.5.209[500]
(228 bytes)
charon: 14[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
charon: 14[IKE] local host is behind NAT, sending keep alives
charon: 14[IKE] remote host is behind NAT
charon: 14[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
charon: 14[NET] sending packet: from 10.2.5.209[4500] to
52.52.149.175[4500] (108 bytes)
charon: 15[NET] received packet: from 52.52.188.153[500] to 10.2.5.209[500]
(228 bytes)
charon: 15[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
charon: 15[IKE] local host is behind NAT, sending keep alives
charon: 15[IKE] remote host is behind NAT
charon: 15[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
charon: 15[NET] sending packet: from 10.2.5.209[4500] to
52.52.188.153[4500] (108 bytes)
charon: 04[NET] received packet: from 52.52.149.175[4500] to
10.2.5.209[4500] (76 bytes)
charon: 04[ENC] parsed ID_PROT response 0 [ ID HASH ]
charon: 04[IKE] IKE_SA VPC-CUST-GW1[1] established between
10.2.5.209[10.2.5.209]...52.52.149.175[52.52.149.175]
charon: 04[IKE] scheduling reauthentication in 28257s
charon: 04[IKE] maximum IKE_SA lifetime 28797s
charon: 04[ENC] generating QUICK_MODE request 3236327339 [ HASH SA No KE ID ID ]
charon: 04[NET] sending packet: from 10.2.5.209[4500] to
52.52.149.175[4500] (316 bytes)
charon: 05[NET] received packet: from 52.52.188.153[4500] to
10.2.5.209[4500] (76 bytes)
charon: 05[ENC] parsed ID_PROT response 0 [ ID HASH ]
charon: 05[IKE] IKE_SA VPC-CUST-GW2[2] established between
10.2.5.209[10.2.5.209]...52.52.188.153[52.52.188.153]
charon: 05[IKE] scheduling reauthentication in 27850s
charon: 05[IKE] maximum IKE_SA lifetime 28390s
charon: 05[ENC] generating QUICK_MODE request 1265323422 [ HASH SA No KE ID
ID ]
charon: 05[NET] sending packet: from 10.2.5.209[4500] to
52.52.188.153[4500] (316 bytes)
charon: 06[NET] received packet: from 52.52.149.175[4500] to
10.2.5.209[4500] (300 bytes)
charon: 06[ENC] parsed QUICK_MODE response 3236327339 [ HASH SA No KE ID ID ]
charon: 06[IKE] CHILD_SA VPC-CUST-GW1{1} established with SPIs cd5473da_i
242bba90_o and TS 10.2.0.0/16 === 10.31.0.0/16
charon: 07[NET] received packet: from 52.52.188.153[4500] to
10.2.5.209[4500] (300 bytes)
charon: 06[ENC] generating QUICK_MODE request 3236327339 [ HASH ]
charon: 07[ENC] parsed QUICK_MODE response 1265323422 [ HASH SA No KE ID ID
]
charon: 06[NET] sending packet: from 10.2.5.209[4500] to
52.52.149.175[4500] (60 bytes)
charon: 07[IKE] CHILD_SA VPC-CUST-GW2{2} established with SPIs ca464c0c_i
1709d2c0_o and TS 10.2.0.0/16 === 10.31.0.0/16
charon: 07[ENC] generating QUICK_MODE request 1265323422 [ HASH ]
charon: 07[NET] sending packet: from 10.2.5.209[4500] to
52.52.188.153[4500] (60 bytes)
charon: 04[KNL] querying policy failed: No such file or directory (2)
charon: 04[KNL] querying policy failed: No such file or directory (2)
charon: 04[IKE] sending DPD request
charon: 04[ENC] generating INFORMATIONAL_V1 request 1507408569 [ HASH
N(DPD) ]
charon: 04[NET] sending packet: from 10.2.5.209[4500] to
52.52.149.175[4500] (92 bytes)
charon: 05[KNL] querying policy failed: No such file or directory (2)
charon: 05[KNL] querying policy failed: No such file or directory (2)
charon: 05[IKE] sending DPD request
charon: 05[ENC] generating INFORMATIONAL_V1 request 3354854972 [ HASH
N(DPD) ]
charon: 05[NET] sending packet: from 10.2.5.209[4500] to
52.52.188.153[4500] (92 bytes)
charon: 06[NET] received packet: from 52.52.149.175[4500] to
10.2.5.209[4500] (92 bytes)
charon: 06[ENC] parsed INFORMATIONAL_V1 request 600367776 [ HASH N(DPD_ACK)
]
charon: 07[NET] received packet: from 52.52.188.153[4500] to
10.2.5.209[4500] (92 bytes)
charon: 07[ENC] parsed INFORMATIONAL_V1 request 2406256945 [ HASH N(DPD_ACK) ]
charon: 08[KNL] querying policy failed: No such file or directory (2)
charon: 09[KNL] querying policy failed: No such file or directory (2)
charon: 10[KNL] querying policy failed: No such file or directory (2)
charon: 10[KNL] querying policy failed: No such file or directory (2)