[strongSwan] NO_PROPOSAL_CHOSEN when using 5.6.2 on Ubuntu 18.04

Noel Kuntze noel.kuntze at thermi.consulting
Fri May 14 23:48:29 CEST 2021


Yes. Make sure you only either run the daemon using "ipsec restart"/"ipsec start", or using the init daemon of your system.

Am 14.05.21 um 22:20 schrieb Karuna Sagar Krishna:
> I think I figured out the issue. There were 2 instances of starter process running. Would this have caused `sudo ipsec update` to not really take effect?
>
> root      3625     1  0 May12 ?        00:00:00 /usr/lib/ipsec/starter --daemon charon --nofork
> root      4246  3625  0 May12 ?        00:00:02 /usr/lib/ipsec/charon
> root      5313     1  0 May12 ?        00:00:00 /usr/lib/ipsec/starter --daemon charon
>
> --karuna
>
>
> On Wed, May 12, 2021 at 12:24 PM Karuna Sagar Krishna <karunasagark at gmail.com <mailto:karunasagark at gmail.com>> wrote:
>
>     I see that `sudo ipsec status` return exit code 3. Couldn't find the significance of this exit code in the documentation. Can you help understand what exit code 3 implies?
>
>     --karuna
>
>
>     On Wed, May 12, 2021 at 10:15 AM Noel Kuntze <noel.kuntze at thermi.consulting> wrote:
>
>         the strace isn't useful because starter is doing the reading and loading of the config. "ipsec" only tells starter to do that.
>         Please run dos2unix on the config files on the server and check if that helps.
>
>         Am 12.05.21 um 18:49 schrieb Karuna Sagar Krishna:
>         > Ah yes, that is probably because I copied the contents of ipsec.conf from my terminal window to notepad. I verified that on the Ubuntu nodes it uses Unix line endings and in production scenario this file is generated by scripts on the Ubuntu node itself.
>         >
>         > --karuna
>         >
>         >
>         > On Wed, May 12, 2021 at 6:58 AM Tobias Brunner <tobias at strongswan.org <mailto:tobias at strongswan.org> <mailto:tobias at strongswan.org <mailto:tobias at strongswan.org>>> wrote:
>         >
>         >     Hi Karuna,
>         >
>         >     > @Tobias Brunner <mailto:tobias at strongswan.org <mailto:tobias at strongswan.org> <mailto:tobias at strongswan.org <mailto:tobias at strongswan.org>>> do you have any inputs on
>         >     > this issue?
>         >
>         >     Make sure your config file uses Unix line endings (\n) and not Windows
>         >     (\r\n), which the file you sent does.
>         >
>         >     Regards,
>         >     Tobias
>         >
>
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210514/dc7900a4/attachment.sig>


More information about the Users mailing list