[strongSwan] problem: fetching from hash_and_url

Andreas Steffen andreas.steffen at strongswan.org
Thu Mar 1 13:16:47 CET 2018 

Hi Mike,

you have to enable and build the curl plugin which in turn
needs the libcurl header files provided e.g. by the
libcurl4-openssl-dev Debian/Ubuntu package.

  make clean
  ./configure <other options> --enable-curl
  make
  sudo make install

Regards

Andreas

On 01.03.2018 12:38, Mike.Ettrich at bertelsmann.de wrote:
> Hi!
> 
>  
> 
> We want to use certificate exchange by using a hash_and_url-server.
> 
>  
> 
> What we found in the Charon-log is:
> 
>  
> 
> Mar  1 11:37:45 08[CFG] <RU1-TI|4>   fetching certificate from
> 'http://146.185.113.20/99970a34dffce65a5fb9179d0a23212135b36197' ...
> 
> Mar  1 11:37:45 08[LIB] <RU1-TI|4> unable to fetch from
> http://146.185.113.20/99970a34dffce65a5fb9179d0a23212135b36197, no
> capable fetcher found
> 
> Mar  1 11:37:45 08[CFG] <RU1-TI|4>   fetching certificate failed
> 
>> 
> Mar  1 11:37:45 08[ENC] <RU1-TI|4> generating IKE_AUTH response 1 [
> N(AUTH_FAILED) ]
> 
>  
> 
> As I could find in the users-mailing-list a capable fetcher could be
> provided by the curl-plugin.
> 
>  
> 
> Our installations statusall shows:
> 
>  
> 
> sudo ipsec statusall
> 
> Status of IKE charon daemon (strongSwan 5.5.3, Linux
> 4.4.103-6.38-default, x86_64):
> 
>   uptime: 54 minutes, since Mar 01 11:41:29 2018
> 
>   malloc: sbrk 2969600, mmap 0, used 693088, free 2276512
> 
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
> 
>   loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509
> pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp
> curve25519 xcbc cmac hmac attr kernel-netlink socket-default stroke vici
> updown xauth-generic
> 
>  
> 
> Do we need to install additional plugins?
> 
>  
> 
> Kind regards,
> 
> Mike.
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==

More information about the Users mailing list