On Tuesday, 6 July 2010, Andreas Steffen wrote:
> Hi Wolfgang,
> I suspect that either the socket_default (IKEv2 only running)
> or socket_raw (IKEv1 IKEv2 running) plugin is not loaded.
> Could you provide a strongSwan log file?

This is the log from hummel (I made some things anonymous).
The log from biene is analogous.
I checked with tcpdump that both packets were sent and arrived.
===
Jun 29 23:58:54 hummel charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.4.0)
Jun 29 23:58:54 hummel charon: 00[CFG] attr-sql plugin: database URI not set
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'attr-sql': failed to load - attr_sql_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[KNL] listening on interfaces:
Jun 29 23:58:54 hummel charon: 00[KNL] eth0
Jun 29 23:58:54 hummel charon: 00[KNL] 10.10.10.2
Jun 29 23:58:54 hummel charon: 00[KNL] fe80:::::
Jun 29 23:58:54 hummel charon: 00[KNL] is0
Jun 29 23:58:54 hummel charon: 00[KNL] ::::::a0a:a02
Jun 29 23:58:54 hummel charon: 00[KNL] fe80::5efe:a0a:a02
Jun 29 23:58:54 hummel charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 29 23:58:54 hummel charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 29 23:58:54 hummel charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 29 23:58:54 hummel charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/hummelKey.pem'
Jun 29 23:58:54 hummel charon: 00[CFG] sql plugin: database URI not set
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[CFG] no RADUIS secret defined
Jun 29 23:58:54 hummel charon: 00[CFG] RADIUS plugin initialization failed
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'eap-radius': failed to load - eap_radius_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[CFG] mediation database URI not defined, skipped
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'medsrv': failed to load - medsrv_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[CFG] mediation client database URI not defined, skipped
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'nm': failed to load '/usr/lib/ipsec/plugins/libstrongswan-nm.so' - /usr/lib/ipsec/plugins/libstrongswan-nm.so: cannot open shared object file: No such file or directory
Jun 29 23:58:54 hummel charon: 00[CFG] HA config misses local/remote address
Jun 29 23:58:54 hummel charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Jun 29 23:58:54 hummel charon: 00[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac agent gmp attr kernel-netlink socket-default socket-raw socket-dynamic farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 dhcp resolve
Jun 29 23:58:54 hummel charon: 00[JOB] spawning 16 worker threads
Jun 29 23:58:54 hummel charon: 04[CFG] received stroke: add connection 'hummel_biene'
Jun 29 23:58:54 hummel charon: 04[CFG] loaded certificate C=DE, CN=hummel from 'hummelCert.pem'
Jun 29 23:58:54 hummel charon: 04[CFG] id '10.10.10.2' not confirmed by certificate, defaulting to 'C=DE, CN=hummel'
Jun 29 23:58:54 hummel charon: 04[CFG] loaded certificate C=DE, CN=biene from 'bieneCert.pem'
Jun 29 23:58:54 hummel charon: 04[CFG] id '10.10.10.1' not confirmed by certificate, defaulting to 'C=DE, CN=biene'
Jun 29 23:58:54 hummel charon: 04[CFG] added configuration 'hummel_biene'
Jun 29 23:58:54 hummel charon: 09[CFG] received stroke: initiate 'hummel_biene'
Jun 29 23:58:54 hummel charon: 09[IKE] initiating IKE_SA hummel_biene[1] to 10.10.10.1
Jun 29 23:58:54 hummel charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jun 29 23:58:54 hummel charon: 09[NET] sending packet: from 10.10.10.2[500] to 10.10.10.1[500]
Jun 29 23:58:54 hummel charon: 13[CFG] received stroke: add connection 'hummel_wespe'
Jun 29 23:58:54 hummel charon: 13[CFG] loaded certificate C=DE, ST=X, L=X, O=X, CN=hummel, E=X from 'hummelCert.der'
Jun 29 23:58:54 hummel charon: 13[CFG] id '10.10.10.2' not confirmed by certificate, defaulting to 'C=DE, ST=X, L=X, O=X, CN=hummel, E=X'
Jun 29 23:58:54 hummel charon: 13[CFG] loaded certificate C=DE, ST=X, L=X, O=X, CN=wespe, E=X from 'wespeCert.der'
Jun 29 23:58:54 hummel charon: 13[CFG] id '10.10.10.3' not confirmed by certificate,