[strongSwan] plugins load warnings

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Mar 2 18:36:57 CET 2018


Disable kernel-libipsec and the first warning should be gone. Then warnings about DSA aren't relevant, because you don't
use DSA certificates, do you? Btw, you don't need about 75% of the plugins you have loaded right now.

Kind regards


On 02.03.2018 14:51, Volodymyr Litovka wrote:
> Hi colleagues,
> I'm installing and configuring Strongswan inside VM (KVM on Intel Xeon CPU D-1521) with Ubuntu 17.10.
> With all plugins enabled, when I start strongswan service, I see the following messages in the log:
> 1) The first question is how this impact performace, whether it need to be loaded and how? -
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature CUSTOM:kernel-ipsec in plugin 'kernel-netlink' failed to load
> 2) plugin "pem" has unmet dependencies - not sure it's important, just ask in case - should it be?
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
> Loaded modules list -
> Mar  2 15:32:44 vpn strongswan: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-libipsec kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
> Thank you.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180302/3daf0dcd/attachment.sig>

More information about the Users mailing list