[strongSwan] Failure connecting VICI socket: permission denied

Terry Fu terryfcc at icloud.com
Wed Nov 8 08:53:43 CET 2017

Hi Jafar,

You are right! 
After I allowed user “frr” to access “charon.vici”, the error message is gone.

Now I’m getting this error message.

2017/11/08 15:41:45 NHRP: VICI: StrongSwan does not support mandatory events (unpatched?)

I installed tteras’ patched version of strongswan.
However I’m not sure how to tell if it’s properly installed.

I got it from git:   git clone git://git.alpinelinux.org/user/tteras/strongswan
Then I used the “autogen.sh” script, then “configure", then “make; make install”.

Not sure if I have done anything wrong, or missed anything.

Is there a way to validate that Strongswan is properly patched and installed?



On 8 November 2017 at 00:34:52, Jafar Al-Gharaibeh (jafar at atcorp.com) wrote:


    From the limited information you are giving, my guess is that nhrpd doesn't have permissions to access the VICI socket. nhrpd is probably configured as  part of FRR/Quagga  with permissions to access  /var/run/frr or /var/run/quagga only. Whereas the vici socket, according to


is: unix:///var/run/charon.vici

Give nhrpd permissions to access to this file and you should be good to.


On 11/7/2017 10:06 AM, Chengcheng Fu wrote:


I’m trying to setup nhrpd with strongswan, and I’m getting this error message.

Failure connecting VICI socket: permission denied

I wonder if there is a way to test the VICI socket and see if it’s running properly?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171108/93b037a6/attachment.html>

More information about the Users mailing list